rpm package
suse/mercurial&distro=SUSE Linux Enterprise Software Development Kit 12 SP1
pkg:rpm/suse/mercurial&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-3105 | Hig | 8.8 | < 2.8.2-9.1 | 2.8.2-9.1 | May 9, 2016 | The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name. | |
| CVE-2016-3630 | Hig | 8.8 | < 2.8.2-6.1 | 2.8.2-6.1 | Apr 13, 2016 | The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records. | |
| CVE-2016-3069 | Hig | 8.8 | < 2.8.2-6.1 | 2.8.2-6.1 | Apr 13, 2016 | Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository. | |
| CVE-2016-3068 | Hig | 8.8 | < 2.8.2-6.1 | 2.8.2-6.1 | Apr 13, 2016 | Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository. |
- affected < 2.8.2-9.1fixed 2.8.2-9.1
The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name.
- affected < 2.8.2-6.1fixed 2.8.2-6.1
The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records.
- affected < 2.8.2-6.1fixed 2.8.2-6.1
Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository.
- affected < 2.8.2-6.1fixed 2.8.2-6.1
Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository.