VYPR

rpm package

suse/mercurial&distro=SUSE Linux Enterprise Software Development Kit 12 SP2

pkg:rpm/suse/mercurial&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2

Vulnerabilities (4)

  • CVE-2017-17458 (Critical), Dec 7, 2017
    affected: < 2.8.2-15.6.1; fixed: 2.8.2-15.6.1

    In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. Typical use of Mercurial prevents construction of such repositories, but

  • CVE-2017-1000116 (Critical), Oct 5, 2017
    affected: < 2.8.2-15.3.1; fixed: 2.8.2-15.3.1

    Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks.

  • CVE-2017-1000115 (High), Oct 5, 2017
    affected: < 2.8.2-15.3.1; fixed: 2.8.2-15.3.1

    Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can allow malicious repositories to modify files outside the repository.

  • CVE-2017-9462 (High), Jun 6, 2017
    affected: < 2.8.2-14.1; fixed: 2.8.2-14.1

    In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name.