20 matches found
RHEL 7 : mercurial (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - mercurial: arbitrary command execution in mercurial repo with a git submodule CVE-2017-17458 - The...
RHEL 7 : mercurial (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - mercurial: arbitrary command execution in mercurial repo with a git submodule CVE-2017-17458 - The conver...
SUSE CVE-2016-3105
The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name...
EulerOS 2.0 SP1 : mercurial (EulerOS-SA-2016-1019)
According to the versions of the mercurial package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was discovered that Mercurial failed to properly check Git sub-repository URLs. A Mercurial repository that includes a Git sub-repository...
openSUSE Security Update : mercurial (openSUSE-2016-609)
This update for mercurial fixes the following issues : Security issue fixed : - CVE-2016-3105: Fixed arbitrary code execution when using the convert extension on Git repo. boo978391...
DEBIAN-CVE-2016-3105
The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name...
CVE-2016-3105
The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name...
UBUNTU-CVE-2016-3105
The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name...
PYSEC-2016-28
The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name...
CVE-2016-3105
The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name...
Code injection
The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name...
PYSEC-2016-28
The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name...
CVE-2016-3105
The CVE-2016-3105 entry affects Mercurial prior to 3.8, where the convert extension could allow remote arbitrary code execution via a crafted Git repository name. Multiple advisories (GHSA, Debian DSA/DSA, Mageia, Gentoo GLSA) and vendor pages confirm: vulnerable component is the convert extensio...
CVE-2016-3105
The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name...
CVE-2016-3105
The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name...
Mercurial Arbitrary Code Execution Vulnerability
Mercurial is a set of cross-platform distributed version control software written in the Python language. A security vulnerability in Mercurial's use of the convert extension in Git repos allows remote attackers to submit a special request to execute arbitrary code...
[SECURITY] [DLA 459-1] mercurial security update
Package : mercurial Version : 2.2.2-4+deb7u3 CVE ID : CVE-2016-3105 Blake Burkhart discovered an arbitrary code execution flaw in Mercurial, a distributed version control system, when using the convert extension on Git repositories with specially crafted names. This flaw in particular affects...
mercurial: arbitrary code execution
Mercurial prior to 3.8 allowed arbitrary code execution when using the convert extension on Git repos with hostile names. This could affect automated code conversion services that allow arbitrary repository names. This is a further side-effect of Git CVE-2015-7545. Reported and fixed by Blake...
Amazon Linux AMI : mercurial (ALAS-2016-697)
It was discovered that Mercurial failed to properly check Git sub-repository URLs. A Mercurial repository that includes a Git sub-repository with a specially crafted URL could cause Mercurial to execute arbitrary code. CVE-2016-3068 The binary delta decoder in Mercurial before 3.7.3 allows remote...
mercurial: convert extension command injection via git repository names
It was discovered that the Mercurial convert extension failed to sanitize special characters in Git repository names. A Git repository with a specially crafted name could cause Mercurial to execute arbitrary code when the Git repository was converted to a Mercurial repository...