EUVD-2016-0017

Malware in sbrugna...

Arbitrary Code Execution

Mercurial is vulnerable to a Arbitrary Code Execution. The vulnerability is due to incorrect bound checks in the binary delta decoder which allows an attacker to execute arbitrary code via a clone, push, or pull command, related to either list sizing rounding error or short records...

SUSE CVE-2016-3630

The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a 1 clone, 2 push, or 3 pull command, related to a a list sizing rounding error and b short records...

GHSA-9VJF-JJCQ-3GH7 Mercurial arbitrary code execution vulnerability

The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a 1 clone, 2 push, or 3 pull command, related to a a list sizing rounding error and b short records...

Amazon Linux AMI : mercurial (ALAS-2016-697)

It was discovered that Mercurial failed to properly check Git sub-repository URLs. A Mercurial repository that includes a Git sub-repository with a specially crafted URL could cause Mercurial to execute arbitrary code. CVE-2016-3068 The binary delta decoder in Mercurial before 3.7.3 allows remote...

CVE-2016-3630

The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a 1 clone, 2 push, or 3 pull command, related to a a list sizing rounding error and b short records...

PYSEC-2016-29

The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a 1 clone, 2 push, or 3 pull command, related to a a list sizing rounding error and b short records...

Command injection

The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a 1 clone, 2 push, or 3 pull command, related to a a list sizing rounding error and b short records...

UBUNTU-CVE-2016-3630

The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a 1 clone, 2 push, or 3 pull command, related to a a list sizing rounding error and b short records...

PYSEC-2016-29

The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a 1 clone, 2 push, or 3 pull command, related to a a list sizing rounding error and b short records...

CVE-2016-3630

The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a 1 clone, 2 push, or 3 pull command, related to a a list sizing rounding error and b short records...

CVE-2016-3630

CVE-2016-3630 : Mercurial versions before 3.7.3 are affected by a binary delta decoder vulnerability that could allow remote code execution via clone, push, or pull due to a list sizing rounding error and short records. Connected advisories indicate the fix is to upgrade Mercurial to 3.7.3 or new...

Debian DSA-3542-1 : mercurial - security update

Several vulnerabilities have been discovered in Mercurial, a distributed version control system. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2016-3068 Blake Burkhart discovered that Mercurial allows URLs for Git subrepositories that could result in...

mercurial: arbitrary code execution

CVE-2016-3068 arbitrary code execution It was reported that in mercurial, there is similar vulnerability as CVE-2015-7545 in git. Git's git-remote-ext remote helper provides an ext:: URL scheme that allows running arbitrary shell commands. Mercurial allows specifying git repositories as...

[SECURITY] [DSA 3542-1] mercurial security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3542-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 05, 2016 https://www.debian.org/security/faq -...

Debian Security Advisory DSA 3542-1 (mercurial - security update)

Several vulnerabilities have been discovered in Mercurial, a distributed version control system. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2016-3068 Blake Burkhart discovered that Mercurial allows URLs for Git subrepositories that could result in...