Synopsis:          Important: mercurial security update
Advisory ID:       SLSA-2016:0706-1
Issue Date:        2016-05-02
CVE Numbers:       CVE-2016-3068
                   CVE-2016-3069
--

Security Fix(es):

* It was discovered that Mercurial failed to properly check Git sub-
repository URLs. A Mercurial repository that includes a Git sub-repository
with a specially crafted URL could cause Mercurial to execute arbitrary
code. (CVE-2016-3068)

* It was discovered that the Mercurial convert extension failed to
sanitize special characters in Git repository names. A Git repository with
a specially crafted name could cause Mercurial to execute arbitrary code
when the Git repository was converted to a Mercurial repository.
(CVE-2016-3069)
--

SL7
  x86_64
    emacs-mercurial-2.6.2-6.el7_2.x86_64.rpm
    emacs-mercurial-el-2.6.2-6.el7_2.x86_64.rpm
    mercurial-2.6.2-6.el7_2.x86_64.rpm
    mercurial-debuginfo-2.6.2-6.el7_2.x86_64.rpm
    mercurial-hgk-2.6.2-6.el7_2.x86_64.rpm

- Scientific Linux Development Team