Gentoo Security Advisory GLSA 201605-01

Gentoo Linux Local Security Checks GLSA 201605-01 SPDX-FileCopyrightText: 2016 Eero Volotinen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...

[SECURITY] [DLA 459-1] mercurial security update

Package : mercurial Version : 2.2.2-4+deb7u3 CVE ID : CVE-2016-3105 Blake Burkhart discovered an arbitrary code execution flaw in Mercurial, a distributed version control system, when using the convert extension on Git repositories with specially crafted names. This flaw in particular affects...

RedHat Update for mercurial RHSA-2016:0706-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DSA-3570-1 : mercurial - security update

Blake Burkhart discovered an arbitrary code execution flaw in Mercurial, a distributed version control system, when using the convert extension on Git repositories with specially crafted names. This flaw in particular affects automated code conversion services that allow arbitrary repository name...

[SECURITY] [DSA 3570-1] mercurial security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3570-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 05, 2016 https://www.debian.org/security/faq -...

Debian Security Advisory DSA 3570-1 (mercurial - security update)

Blake Burkhart discovered an arbitrary code execution flaw in Mercurial, a distributed version control system, when using the convert extension on Git repositories with specially crafted names. This flaw in particular affects automated code conversion services that allow arbitrary repository name...

Apple Patches Two Flaws in Xcode's Git Implementation

Apple has updated its Xcode development environment, patching two vulnerabilities in its implementation of git. Git is a version control system, and in March its handlers patched two flaws that exposed the software to remote code execution. The new version of Xcode, 7.3.1, is available for El...

About the security content of Xcode 7.3.1

About the security content of Xcode 7.3.1 This document describes the security content of Xcode 7.3.1. For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To...

RHEL 7 : mercurial (RHSA-2016:0706)

An update for mercurial is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

GLSA-201605-01 : Git: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201605-01 Git: Multiple vulnerabilities Git is vulnerable to the remote execution of arbitrary code by cloning repositories with large filenames or a large number of nested trees. Additionally, some protocols within Git, such as...

Git: Multiple vulnerabilities

Background Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. Description Git is vulnerable to the remote execution of arbitrary code by cloning repositories with large filenames or a large...

Fedora 24 : git-2.7.4-1.fc24 (2016-8f164810c3)

Update to 2.7.4 for CVE-2016-2315, CVE-2016-2324. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

Fedora Update for git FEDORA-2016-8

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 24 Update: git-2.7.4-1.fc24

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages,...

Security update for mercurial (important)

mercurial was updated to fix three security issues. These security issues were fixed: - CVE-2016-3069: Arbitrary code execution when converting Git repos bsc973176. - CVE-2016-3068: Arbitrary code execution with Git subrepos bsc973177. - CVE-2016-3630: Remote code execution in binary delta decodi...

Updated mercurial packages fix security vulnerabilities

Updated mercurial packages fix security vulnerabilities: Blake Burkhart discovered that Mercurial allows URLs for Git subrepositories that could result in arbitrary code execution on clone CVE-2016-3068. Blake Burkhart discovered that Mercurial allows arbitrary code execution when converting Git...

CVE-2016-3069

Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository...

CVE-2016-3068

Mercurial before 3.7.3 is vulnerable to remote code execution via a crafted git ext:: URL when cloning a subrepository, enabling an attacker to run arbitrary code. Public advisories (ALAS-2016-697; CentOS/RH/Fedora updates) confirm this CVE-2016-3068 issue and indicate the fix is mercurial 3.7.3....

CVE-2015-7545

The 1 git-remote-ext and 2 unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in a a .gitmodules file ...

Design/Logic Flaw

The 1 git-remote-ext and 2 unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in a a .gitmodules file ...