Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 427
Alerts This Week
Warning Icon 1 427

Debian: DSA-3257-1 Moderate Command Injection Threat in Mercurial

debian
Calendar Grey May 11, 2015
Debian Logo
The Arch Linux Security Announcement ASA-4001-1 highlights a vulnerability in Git; users are urged to update promptly.
Jesse Hertz of Matasano Security discovered that Mercurial, a distributed version control system, is prone to a command injection vulnerability via a crafted repository name in a c...

Summary

For the oldstable distribution (wheezy), this problem has been fixed in
version 2.2.2-4+deb7u1. This update also includes a fix for
CVE-2014-9390 previously scheduled for the next wheezy point release.

For the stable distribution (jessie), this problem has been fixed in
version 3.1.2-2+deb8u1.

For the unstable distribution (sid), this problem has been fixed in
version 3.4-1.

We recommend that you upgrade your mercurial packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/



Severity
important
Lowest
Low
Medium
High
Critical

Package: mercurial
CVE ID: CVE-2014-9462

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.