Mercurial was not sanitizing hostnames passed to ssh, allowing shell injection attacks by specifying a hostname starting with -oProxyCommand.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 5 | noarch | mercurial | <Â 3.1.1-5.5 | mercurial-3.1.1-5.5.mga5 |