SCIENTIFIC-LINUX-ERRATA Archives

May 2016

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

From: Pat Riehecky <[log in to unmask]>
Date: Mon, 2 May 2016 15:37:38 -0000

Synopsis:          Important: mercurial security update
Advisory ID:       SLSA-2016:0706-1
Issue Date:        2016-05-02
CVE Numbers:       CVE-2016-3068
                   CVE-2016-3069
--

Security Fix(es):

* It was discovered that Mercurial failed to properly check Git sub-
repository URLs. A Mercurial repository that includes a Git sub-repository
with a specially crafted URL could cause Mercurial to execute arbitrary
code. (CVE-2016-3068)

* It was discovered that the Mercurial convert extension failed to
sanitize special characters in Git repository names. A Git repository with
a specially crafted name could cause Mercurial to execute arbitrary code
when the Git repository was converted to a Mercurial repository.
(CVE-2016-3069)
--

SL7
  x86_64
    emacs-mercurial-2.6.2-6.el7_2.x86_64.rpm
    emacs-mercurial-el-2.6.2-6.el7_2.x86_64.rpm
    mercurial-2.6.2-6.el7_2.x86_64.rpm
    mercurial-debuginfo-2.6.2-6.el7_2.x86_64.rpm
    mercurial-hgk-2.6.2-6.el7_2.x86_64.rpm

- Scientific Linux Development Team
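
Added example (not part of the advisory or of Scientific Linux tooling): a check that flags hosts whose Mercurial packages predate the fixed build 2.6.2-6.el7_2 listed above. It assumes input from `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'`; the sample lines are constructed, and the comparison is a simplified rpmvercmp that ignores epochs and `~`/`^`.

```python
import re

# Fixed version-release from the advisory's SL7 x86_64 package list.
FIXED_VR = "2.6.2-6.el7_2"
# Package names from the advisory.
PACKAGES = {"mercurial", "mercurial-hgk", "mercurial-debuginfo",
            "emacs-mercurial", "emacs-mercurial-el"}

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")

def rpm_vercmp(a, b):
    """Simplified rpmvercmp (no epoch, '~' or '^' handling): -1, 0 or 1."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)             # compare numbers by value
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_patched(installed_vr, fixed_vr=FIXED_VR):
    """True if the installed version-release is at or above the fixed build."""
    iv, _, ir = installed_vr.partition("-")
    fv, _, fr = fixed_vr.partition("-")
    return (rpm_vercmp(iv, fv) or rpm_vercmp(ir, fr)) >= 0

def unpatched(rpm_output):
    """Names of advisory packages in the query output that predate the fix."""
    stale = []
    for line in rpm_output.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0] in PACKAGES and not is_patched(parts[1]):
            stale.append(parts[0])
    return stale

# Constructed sample of: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
SAMPLE = """\
mercurial 2.6.2-6.el7_2
mercurial-hgk 2.6.2-4.el7
emacs-mercurial 2.6.2-6.el7
bash 4.2.46-19.el7
"""

if __name__ == "__main__":
    print(unpatched(SAMPLE))
```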
