mercurial: arbitrary code execution

2016-05-06T00:00:00
ID ASA-201605-10
Type archlinux
Reporter Arch Linux
Modified 2016-05-06T00:00:00

Description

Mercurial prior to 3.8 allowed arbitrary code execution when using the convert extension on Git repos with hostile names. This could affect automated code conversion services that allow arbitrary repository names. This is a further side-effect of Git CVE-2015-7545. Reported and fixed by Blake Burkhart.