VYPR

rpm package

suse/mercurial&distro=SUSE Linux Enterprise Software Development Kit 12

pkg:rpm/suse/mercurial&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012

Vulnerabilities (5)

  • CVE-2016-3105HigMay 9, 2016
    affected < 2.8.2-9.1fixed 2.8.2-9.1

    The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name.

  • CVE-2016-3630HigApr 13, 2016
    affected < 2.8.2-6.1fixed 2.8.2-6.1

    The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records.

  • CVE-2016-3069HigApr 13, 2016
    affected < 2.8.2-6.1fixed 2.8.2-6.1

    Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository.

  • CVE-2016-3068HigApr 13, 2016
    affected < 2.8.2-6.1fixed 2.8.2-6.1

    Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository.

  • CVE-2014-9462Mar 31, 2015
    affected < 2.8.2-3.1fixed 2.8.2-3.1

    The _validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via a crafted repository name in a clone command.