19 matches found
RHEL 7 : mercurial (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - mercurial: arbitrary command execution in mercurial repo with a git submodule CVE-2017-17458 - The...
Debian: Security Advisory (DLA-1224-1)
The remote host is missing an update for the Debian...
Mageia: Security Advisory (MGASA-2018-0041)
The remote host is missing an update for the...
Advisory ROSA-SA-2021-1918
Software: mercurial 2.6.2 OS: Cobalt 7.9 CVE-ID: CVE-2014-9462 CVE-Crit: CRITICAL CVE-DESC: The validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via the created repository name in the clone command. CVE-STATUS: default CVE-REV: defau...
Huawei EulerOS: Security Advisory for mercurial (EulerOS-SA-2021-1816)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP2 : mercurial (EulerOS-SA-2020-2367)
According to the version of the mercurial package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form o...
Huawei EulerOS: Security Advisory for mercurial (EulerOS-SA-2020-2367)
The remote host is missing an update for the Huawei EulerOS...
Debian DLA-2293-1 : mercurial security update
Several vulnerabilities were discovered in mercurial, an easy-to-use, scalable distributed version control system. CVE-2017-17458 In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a...
Debian: Security Advisory (DLA-2293-1)
The remote host is missing an update for the Debian...
[SECURITY] [DLA 1414-2] mercurial regression update
Package : mercurial Version : 3.1.2-2+deb8u6 CVE ID : CVE-2017-17458 The fix for arbitrary code execution documented in CVE-2017-17458 was incomplete in the previous upload. A more exhaustive change was implemented upstream and completely disables non-Mercurial subrepositories unless users change...
Debian: Security Advisory (DLA-1414-1)
The remote host is missing an update for the Debian...
Debian DLA-1414-2 : mercurial regression update
The fix for arbitrary code execution documented in CVE-2017-17458 was incomplete in the previous upload. A more exhaustive change was implemented upstream and completely disables non-Mercurial subrepositories unless users changed the subrepos.allowed setting. For Debian 8 'Jessie', this problem h...
SUSE-SU-2018:0127-1 Security update for mercurial
This update for mercurial fixes the following issues: - CVE-2017-17458: In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. Typical use of...
SUSE-SU-2018:0129-1 Security update for mercurial
This update for mercurial fixes the following issues: - CVE-2017-17458: In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. Typical use of...
MGASA-2018-0041 Updated mercurial packages fix security vulnerability
A specially malformed repository may have caused Git subrepositories to run arbitrary code CVE-2017-17458...
openSUSE Security Update : mercurial (openSUSE-2017-1388)
This update for mercurial fixes the following issue: - CVE-2017-17458: A specially malformed repository may have caused Git subrepositories to run arbitrary code (bsc#1071715)...
CVE-2017-17458
In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. Typical use of Mercurial prevents construction of such repositories, but they can be...
CVE-2017-17458
In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. Typical use of Mercurial prevents construction of such repositories, but they can be...
CVE-2017-17458
CVE-2017-17458 affects Mercurial prior to 4.4.1. A specially malformed repository can cause Git subrepositories to execute arbitrary code via a checked-in .git/hooks/post-update script. This condition can occur despite typical Mercurial usage preventing such repositories, though they can be creat...