Gentoo FoundationMGASA-2017-0331

HistorySep 07, 2017 - 12:07 p.m.

Updated mercurial package fixes security vulnerabilities

2017-09-0712:07:16

Gentoo Foundation

advisories.mageia.org

0.014 Low

EPSS

Percentile

86.1%

JSON

Mercurial was not sanitizing hostnames passed to ssh, allowing shell injection attacks by specifying a hostname starting with -oProxyCommand.

OSVersionArchitecturePackageVersionFilename
Mageia5noarchmercurial< 3.1.1-5.5mercurial-3.1.1-5.5.mga5

OS	Version	Architecture	Package	Version	Filename
Mageia	5	noarch	mercurial	< 3.1.1-5.5	mercurial-3.1.1-5.5.mga5

References

bugs.mageia.org/show_bug.cgi?id=21510

www.mercurial-scm.org/pipermail/mercurial/2017-August/050522.html

nessus

RHEL 7 : mercurial (RHSA-2017:2489)

2017-08-18 00:00:00

EulerOS 2.0 SP2 : mercurial (EulerOS-SA-2017-1218)

2017-09-11 00:00:00

Scientific Linux Security Update : mercurial on SL7.x x86_64 (20170817)

2017-08-22 00:00:00

amazon

Important: mercurial

2017-09-13 22:52:00

openvas

Mageia: Security Advisory (MGASA-2017-0331)

2022-01-28 00:00:00

Mageia: Security Advisory (MGASA-2017-0282)

2022-01-28 00:00:00

RedHat Update for mercurial RHSA-2017:2489-01

2017-08-18 00:00:00

slackware

[slackware-security] mercurial

2017-08-11 23:11:24

freebsd

mercurial -- multiple issues

2017-10-05 00:00:00

Mercurial -- multiple vulnerabilities

2017-08-10 00:00:00

oraclelinux

mercurial security update

2017-08-17 00:00:00

osv

mercurial - security update

2017-08-28 00:00:00

mercurial - security update

2017-09-04 00:00:00

PYSEC-2017-88

2017-10-05 01:29:00

fedora

[SECURITY] Fedora 26 Update: mercurial-4.2.3-1.fc26

2017-08-29 15:20:01

[SECURITY] Fedora 25 Update: mercurial-3.8.1-4.fc25

2017-09-28 23:56:01

redhat

(RHSA-2017:2489) Important: mercurial security update

2017-08-17 09:19:11

mageia

Updated mercurial packages fix security vulnerabilities

2017-08-19 12:58:33

centos

emacs, mercurial security update

2017-08-31 18:58:32

debian

[SECURITY] [DSA 3963-1] mercurial security update

2017-09-04 07:05:20

[SECURITY] [DSA 3963-1] mercurial security update

2017-09-04 07:05:37

[SECURITY] [DLA 1072-1] mercurial security update

2017-08-31 11:57:46

gentoo

Mercurial: Multiple vulnerabilities

2017-09-24 00:00:00

archlinux

[ASA-201708-7] mercurial: multiple issues

2017-08-12 00:00:00

veracode

Write Files Outside Of Repository

2017-08-15 22:49:54

Arbitrary Command Execution

2017-10-30 00:47:04

debiancve

CVE-2017-1000115

2017-10-05 01:29:00

CVE-2017-1000116

2017-10-05 01:29:00

CVE-2017-12976

2017-08-20 20:29:00

cvelist

CVE-2017-1000115

2017-10-04 01:00:00

CVE-2017-1000116

2017-10-04 01:00:00

CVE-2017-12976

2017-08-20 20:00:00

github

Mercurial missing symlink check

2022-05-14 01:04:30

Mercurial is vulnerable to shell injection attack

2022-05-13 01:40:56

Dulwich RCE Vulnerability

2022-05-13 01:44:04

prion

Design/Logic Flaw

2017-10-05 01:29:00

Sql injection

2017-10-05 01:29:00

Sql injection

2017-08-20 20:29:00

alpinelinux

CVE-2017-1000115

2017-10-05 01:29:00

CVE-2017-1000116

2017-10-05 01:29:00

cve

CVE-2017-1000116

2017-10-05 01:29:00

CVE-2017-1000115

2017-10-05 01:29:00

CVE-2017-12976

2017-08-20 20:29:00

redhatcve

CVE-2017-1000116

2017-08-10 19:18:29

CVE-2017-1000115

2019-10-07 14:28:05

CVE-2017-16228

2017-11-03 14:19:26

ubuntucve

CVE-2017-1000116

2017-10-05 00:00:00

CVE-2017-1000115

2017-10-05 00:00:00

CVE-2017-12976

2017-08-20 00:00:00

myhack58

More mainstream version control system was traced to the presence of the client arbitrary code execution vulnerability-vulnerability warning-the black bar safety net

2017-08-11 00:00:00

hackerone

Internet Bug Bounty: RCE via ssh:// URIs in multiple VCS

2017-08-14 20:53:18

ibm

Security Bulletin: Multiple Security Vulnerabilities affect IBM® Cloud Private

2018-07-20 18:56:04

photon

Critical Photon OS Security Update - PHSA-2017-0078

2017-10-19 00:00:00

Updated mercurial package fixes security vulnerabilities

References

Related