rpm package
suse/mercurial&distro=SUSE Linux Enterprise Software Development Kit 12
pkg:rpm/suse/mercurial&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-3105 | Hig | 8.8 | < 2.8.2-9.1 | 2.8.2-9.1 | May 9, 2016 | The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name. | |
| CVE-2016-3630 | Hig | 8.8 | < 2.8.2-6.1 | 2.8.2-6.1 | Apr 13, 2016 | The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records. | |
| CVE-2016-3069 | Hig | 8.8 | < 2.8.2-6.1 | 2.8.2-6.1 | Apr 13, 2016 | Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository. | |
| CVE-2016-3068 | Hig | 8.8 | < 2.8.2-6.1 | 2.8.2-6.1 | Apr 13, 2016 | Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository. | |
| CVE-2014-9462 | — | < 2.8.2-3.1 | 2.8.2-3.1 | Mar 31, 2015 | The _validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via a crafted repository name in a clone command. |
- affected < 2.8.2-9.1fixed 2.8.2-9.1
The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name.
- affected < 2.8.2-6.1fixed 2.8.2-6.1
The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records.
- affected < 2.8.2-6.1fixed 2.8.2-6.1
Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository.
- affected < 2.8.2-6.1fixed 2.8.2-6.1
Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository.
- CVE-2014-9462Mar 31, 2015affected < 2.8.2-3.1fixed 2.8.2-3.1
The _validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via a crafted repository name in a clone command.