185 matches found
EulerOS 2.0 SP2 : mercurial (EulerOS-SA-2018-1112)
According to the versions of the mercurial package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects. - Securi...
Repo password on display for the world to see.
I just noticed that my machine user name and password are on display above the commit dialog. Since this job site uses single sign on for everything, that's my username and password for the entire system here. I have three different repos loaded in Sourcetree. Because of single sign on, that is...
Tower: modification of git hooks in SCM repo via upstream playbook execution
A flaw was found in Tower's interface with SCM repositories. If a Tower project SCM repository definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook source repository could create a Trojan playbook that, when executed by Tower,...
Koji Security Bypass Vulnerability
Koji is an RPM-based build system. The system builds software by providing a flexible, secure and reproducible approach. A security bypass vulnerability exists in Koji version 1.13.0 that stems from the program failing to properly validate SCM paths. An attacker can exploit the vulnerability to...
PYSEC-2017-144
Koji 1.13.0 does not properly validate SCM paths, allowing an attacker to work around blacklisted paths for build submission...
CVE-2017-1002153
Koji 1.13.0 does not properly validate SCM paths, allowing an attacker to work around blacklisted paths for build submission...
PT-2017-11022 · Red Hat · Koji
Name of the Vulnerable Software and Affected Versions: Koji version 1.13.0 Description: The issue arises from improper validation of SCM paths, enabling an attacker to bypass blacklisted paths for build submission. Recommendations: For version 1.13.0, update to a newer version that properly...
CVE-2017-7552
A flaw was discovered in the file editor of millicore, affecting versions before 3.19.0 and 4.x before 4.5.0, which allows files to be executed as well as created. An attacker could use this flaw to compromise other users' or teams' projects stored in source control management of the RHMAP Core...
Design/Logic Flaw
A flaw was discovered in the file editor of millicore, affecting versions before 3.19.0 and 4.x before 4.5.0, which allows files to be executed as well as created. An attacker could use this flaw to compromise other users' or teams' projects stored in source control management of the RHMAP Core...
[SECURITY] Fedora 25 Update: mercurial-3.8.1-4.fc25
Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects. Quick start: http://www.selenic.com/mercurial/wiki/index.cgi/QuickStart Tutorial: http://www.selenic.com/mercurial/wiki/index.cgi/Tutorial Extensions:...
CVE-2017-7552
CVE-2017-7552 affects the Red Hat Mobile Application Platform (RHMAP) file editor (millicore). The flaw, in affected versions before 3.19.0 and 4.x before 4.5.0, allows files to be executed as well as created, enabling an attacker to compromise other users’ or teams’ projects stored in source con...
RHMAP Millicore IDE allows RCE on SCM
A flaw was discovered in the file editor of millicore which allows files to be executed as well as created. An attacker could use this flaw to compromise other users' or teams' projects stored in source control management of the RHMAP Core installation...
emacs, mercurial security update
CentOS Errata and Security Advisory CESA-2017:2489 An update for mercurial is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severi...
[SECURITY] Fedora 26 Update: mercurial-4.2.3-1.fc26
Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects. Quick start: http://www.selenic.com/mercurial/wiki/index.cgi/QuickStart Tutorial: http://www.selenic.com/mercurial/wiki/index.cgi/Tutorial Extensions:...
Virtuozzo 6 : emacs-mercurial / emacs-mercurial-el / mercurial / etc (VZLSA-2017-1576)
An update for mercurial is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
CentOS 6 / 7 : mercurial (CESA-2017:1576)
An update for mercurial is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...