Gentoo FoundationMGASA-2017-0282

HistoryAug 19, 2017 - 12:58 p.m.

Updated mercurial packages fix security vulnerabilities

2017-08-1912:58:33

Gentoo Foundation

advisories.mageia.org

0.014 Low

EPSS

Percentile

86.1%

JSON

Mercurial was not sanitizing hostnames passed to ssh, allowing shell injection attacks by specifying a hostname starting with -oProxyCommand.

OSVersionArchitecturePackageVersionFilename
Mageia6noarchmercurial< 4.1.3-1.1mercurial-4.1.3-1.1.mga6

OS	Version	Architecture	Package	Version	Filename
Mageia	6	noarch	mercurial	< 4.1.3-1.1	mercurial-4.1.3-1.1.mga6

References

bugs.mageia.org/show_bug.cgi?id=21502

www.mercurial-scm.org/pipermail/mercurial/2017-August/050522.html

nessus

EulerOS 2.0 SP1 : mercurial (EulerOS-SA-2017-1217)

2017-09-11 00:00:00

Amazon Linux AMI : mercurial (ALAS-2017-893)

2017-09-15 00:00:00

Oracle Linux 7 : mercurial (ELSA-2017-2489)

2017-08-18 00:00:00

oraclelinux

mercurial security update

2017-08-17 00:00:00

osv

mercurial - security update

2017-08-28 00:00:00

mercurial - security update

2017-09-04 00:00:00

PYSEC-2017-88

2017-10-05 01:29:00

amazon

Important: mercurial

2017-09-13 22:52:00

openvas

Mageia: Security Advisory (MGASA-2017-0331)

2022-01-28 00:00:00

RedHat Update for mercurial RHSA-2017:2489-01

2017-08-18 00:00:00

Fedora Update for mercurial FEDORA-2017-f03b04acbb

2017-08-30 00:00:00

slackware

[slackware-security] mercurial

2017-08-11 23:11:24

freebsd

mercurial -- multiple issues

2017-10-05 00:00:00

Mercurial -- multiple vulnerabilities

2017-08-10 00:00:00

fedora

[SECURITY] Fedora 26 Update: mercurial-4.2.3-1.fc26

2017-08-29 15:20:01

[SECURITY] Fedora 25 Update: mercurial-3.8.1-4.fc25

2017-09-28 23:56:01

centos

emacs, mercurial security update

2017-08-31 18:58:32

mageia

Updated mercurial package fixes security vulnerabilities

2017-09-07 12:07:16

redhat

(RHSA-2017:2489) Important: mercurial security update

2017-08-17 09:19:11

debian

[SECURITY] [DSA 3963-1] mercurial security update

2017-09-04 07:05:20

[SECURITY] [DSA 3963-1] mercurial security update

2017-09-04 07:05:37

[SECURITY] [DLA 1072-1] mercurial security update

2017-08-31 11:57:46

gentoo

Mercurial: Multiple vulnerabilities

2017-09-24 00:00:00

archlinux

[ASA-201708-7] mercurial: multiple issues

2017-08-12 00:00:00

veracode

Write Files Outside Of Repository

2017-08-15 22:49:54

Arbitrary Command Execution

2017-10-30 00:47:04

debiancve

CVE-2017-1000115

2017-10-05 01:29:00

CVE-2017-1000116

2017-10-05 01:29:00

CVE-2017-12976

2017-08-20 20:29:00

github

Mercurial missing symlink check

2022-05-14 01:04:30

Mercurial is vulnerable to shell injection attack

2022-05-13 01:40:56

Dulwich RCE Vulnerability

2022-05-13 01:44:04

cvelist

CVE-2017-1000115

2017-10-04 01:00:00

CVE-2017-1000116

2017-10-04 01:00:00

CVE-2017-12976

2017-08-20 20:00:00

prion

Design/Logic Flaw

2017-10-05 01:29:00

Sql injection

2017-10-05 01:29:00

Sql injection

2017-08-20 20:29:00

alpinelinux

CVE-2017-1000115

2017-10-05 01:29:00

CVE-2017-1000116

2017-10-05 01:29:00

redhatcve

CVE-2017-1000116

2017-08-10 19:18:29

CVE-2017-1000115

2019-10-07 14:28:05

CVE-2017-16228

2017-11-03 14:19:26

ubuntucve

CVE-2017-1000116

2017-10-05 00:00:00

CVE-2017-1000115

2017-10-05 00:00:00

CVE-2017-12976

2017-08-20 00:00:00

cve

CVE-2017-1000116

2017-10-05 01:29:00

CVE-2017-1000115

2017-10-05 01:29:00

CVE-2017-12976

2017-08-20 20:29:00

myhack58

More mainstream version control system was traced to the presence of the client arbitrary code execution vulnerability-vulnerability warning-the black bar safety net

2017-08-11 00:00:00

hackerone

Internet Bug Bounty: RCE via ssh:// URIs in multiple VCS

2017-08-14 20:53:18

ibm

Security Bulletin: Multiple Security Vulnerabilities affect IBM® Cloud Private

2018-07-20 18:56:04

photon

Critical Photon OS Security Update - PHSA-2017-0078

2017-10-19 00:00:00

Updated mercurial packages fix security vulnerabilities

References

Related