Explore top 10 tips to secure your open-source projects now. Read More
×
Date: Mon, 2 May 2016 15:37:38 -0000 Reply-To: scientific-linux-users@ Sender: Security Errata for Scientific LinuxFrom: Pat Riehecky Subject: Security ERRATA Important: mercurial on SL7.x x86_64 MIME-Version: 1.0 Message-ID: <20160502153738.432.63933@slpackages.fnal.gov> Synopsis: Important: mercurial security update Advisory ID: SLSA-2016:0706-1 Issue Date: 2016-05-02 CVE Numbers: CVE-2016-3068 CVE-2016-3069 -- Security Fix(es): * It was discovered that Mercurial failed to properly check Git sub- repository URLs. A Mercurial repository that includes a Git sub-repository with a specially crafted URL could cause Mercurial to execute arbitrary code. (CVE-2016-3068) * It was discovered that the Mercurial convert extension failed to sanitize special characters in Git repository names. A Git repository with a specially crafted name could cause Mercurial to execute arbitrary code when the Git repository was converted to a Mercurial repository. (CVE-2016-3069) -- SL7 x86_64 emacs-mercurial-2.6.2-6.el7_2.x86_64.rpm emacs-mercurial-el-2.6.2-6.el7_2.x86_64.rpm mercurial-2.6.2-6.el7_2.x86_64.rpm mercurial-debuginfo-2.6.2-6.el7_2.x86_64.rpm mercurial-hgk-2.6.2-6.el7_2.x86_64.rpm - Scientific Linux Development Team