mercurial: arbitrary code execution

ID ASA-201605-10
Type archlinux
Reporter Arch Linux
Modified 2016-05-06T00:00:00


Mercurial prior to 3.8 allowed arbitrary code execution when using the convert extension on Git repos with hostile names. This could affect automated code conversion services that allow arbitrary repository names. This is a further side-effect of Git CVE-2015-7545. Reported and fixed by Blake Burkhart.