Debian Security Advisory DSA 3570-1 (mercurial - security update)
Blake Burkhart discovered an arbitrary code execution flaw in Mercurial, a distributed version control system, when using the convert extension on Git repositories with specially crafted names. This flaw in particular affects automated code conversion services that allow arbitrary repository name...
Apple Patches Two Flaws in Xcode's Git Implementation
Apple has updated its Xcode development environment, patching two vulnerabilities in its implementation of git. Git is a version control system, and in March its handlers patched two flaws that exposed the software to remote code execution. The new version of Xcode, 7.3.1, is available for El...
Amazon Linux AMI : mercurial (ALAS-2016-697)
It was discovered that Mercurial failed to properly check Git sub-repository URLs. A Mercurial repository that includes a Git sub-repository with a specially crafted URL could cause Mercurial to execute arbitrary code. (CVE-2016-3068) The binary delta decoder in Mercurial before 3.7.3 allows remote...
GLSA-201605-01 : Git: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201605-01 (Git: Multiple vulnerabilities). Git is vulnerable to the remote execution of arbitrary code by cloning repositories with large filenames or a large number of nested trees. Additionally, some protocols within Git, such as...
About the security content of Xcode 7.3.1
About the security content of Xcode 7.3.1 This document describes the security content of Xcode 7.3.1. For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To...
RHEL 7 : mercurial (RHSA-2016:0706)
An update for mercurial is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
Important: Red Hat Security Advisory: mercurial security update
An update for mercurial is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
mercurial: convert extension command injection via git repository names
It was discovered that the Mercurial convert extension failed to sanitize special characters in Git repository names. A Git repository with a specially crafted name could cause Mercurial to execute arbitrary code when the Git repository was converted to a Mercurial repository...
mercurial: command injection via git subrepository urls
It was discovered that Mercurial failed to properly check Git sub-repository URLs. A Mercurial repository that includes a Git sub-repository with a specially crafted URL could cause Mercurial to execute arbitrary code...
Git: Multiple vulnerabilities
Background: Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. Description: Git is vulnerable to the remote execution of arbitrary code by cloning repositories with large filenames or a large...
mercurial -- arbitrary code execution vulnerability
Mercurial reports: CVE-2016-3105: Arbitrary code execution when converting Git repos...
Fedora 24 : git-2.7.4-1.fc24 (2016-8f164810c3)
Update to 2.7.4 for CVE-2016-2315, CVE-2016-2324. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Fedora Update for git FEDORA-2016-8
The remote host is missing an update for the...
[SECURITY] Fedora 24 Update: git-2.7.4-1.fc24
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs a common set of tools which are usually used with a small amount of dependencies. To install all git packages,...
Git jq JSON File Denial of Service Vulnerability
Git is a free, open source distributed version control system developed by American software developer Linus Torvalds. jq is a lightweight command-line JSON processor developed by software developer Stephen Dolan. Git 1.5 and earlier versions of jq have a security vulnerability that can be...
Security fix for the ALT Linux 7 package NetworkManager version 0.9.8.10-alt1.M70P.2.git20150519
0.9.8.10-alt1.M70P.2.git20150519 built April 20, 2016 Mikhail Efremov in task 163202 April 14, 2016 Mikhail Efremov - keyfile: fix temporary file races CVE-2016-0764. - Upstream git snapshot nm-0-9-8 branch...
Security update for mercurial (important)
mercurial was updated to fix three security issues. These security issues were fixed: - CVE-2016-3069: Arbitrary code execution when converting Git repos bsc973176. - CVE-2016-3068: Arbitrary code execution with Git subrepos bsc973177. - CVE-2016-3630: Remote code execution in binary delta decodi...
Updated mercurial packages fix security vulnerabilities
Updated mercurial packages fix security vulnerabilities: Blake Burkhart discovered that Mercurial allows URLs for Git subrepositories that could result in arbitrary code execution on clone (CVE-2016-3068). Blake Burkhart discovered that Mercurial allows arbitrary code execution when converting Git...
DEBIAN-CVE-2016-3069
Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository...
CVE-2016-3069
Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository...