VYPR

rpm package

suse/mercurial&distro=SUSE Linux Enterprise Software Development Kit 12 SP1

pkg:rpm/suse/mercurial&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1

Vulnerabilities (4)

  • CVE-2016-3105HigMay 9, 2016
    affected < 2.8.2-9.1fixed 2.8.2-9.1

    The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name.

  • CVE-2016-3630HigApr 13, 2016
    affected < 2.8.2-6.1fixed 2.8.2-6.1

    The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records.

  • CVE-2016-3069HigApr 13, 2016
    affected < 2.8.2-6.1fixed 2.8.2-6.1

    Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository.

  • CVE-2016-3068HigApr 13, 2016
    affected < 2.8.2-6.1fixed 2.8.2-6.1

    Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository.