Mageia 2019-0250: mercurial security update
Summary
It was discovered that Mercurial mishandled symlinks in subrepositories.
An attacker could use this vulnerability to write arbitrary files to the
target’s filesystem (CVE-2019-3902).
References
- https://bugs.mageia.org/show_bug.cgi?id=25291
- https://ubuntu.com/security/notices/USN-4086-1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3902
Resolution
MGASA-2019-0250 - Updated mercurial packages fix security vulnerability
SRPMS
- 6/core/mercurial-4.9.1-1.mga6
- 7/core/mercurial-4.9.1-1.mga7