VYPR

rpm package

suse/mercurial&distro=SUSE Linux Enterprise Module for Development Tools 15

pkg:rpm/suse/mercurial&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015

Vulnerabilities (4)

  • CVE-2018-17983CriOct 4, 2018
    affected < 4.5.2-3.6.1fixed 4.5.2-3.6.1

    cext/manifest.c in Mercurial before 4.7.2 has an out-of-bounds read during parsing of a malformed manifest entry.

  • CVE-2018-13348HigJul 6, 2018
    affected < 4.5.2-3.3.1fixed 4.5.2-3.3.1

    The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actually are not, aka OVE-20180430-0001.

  • CVE-2018-13347CriJul 6, 2018
    affected < 4.5.2-3.3.1fixed 4.5.2-3.3.1

    mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002.

  • CVE-2018-13346HigJul 6, 2018
    affected < 4.5.2-3.3.1fixed 4.5.2-3.3.1

    The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data, aka OVE-20180430-0004.