Bugs fixes in "mercurial"
| Origin | Bug number | Title | Date fixed |
|---|---|---|---|
| CVE | CVE-2019-3902 | A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write fil | 2021-10-04 |
| CVE | CVE-2018-17983 | cext/manifest.c in Mercurial before 4.7.2 has an out-of-bounds read during parsing of a malformed manifest entry. | 2021-10-04 |
| CVE | CVE-2019-3902 | A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write fil | 2021-10-04 |
| CVE | CVE-2018-17983 | cext/manifest.c in Mercurial before 4.7.2 has an out-of-bounds read during parsing of a malformed manifest entry. | 2021-10-04 |
| CVE | CVE-2018-13348 | The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining afte | 2018-11-27 |
| CVE | CVE-2018-13346 | The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the origina | 2018-11-27 |
| CVE | CVE-2018-13347 | mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002. | 2018-11-27 |
| CVE | CVE-2018-13348 | The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining afte | 2018-11-27 |
| CVE | CVE-2018-13346 | The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the origina | 2018-11-27 |
| CVE | CVE-2018-13347 | mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002. | 2018-11-27 |
| CVE | CVE-2018-1000132 | Mercurial version 4.5 and earlier contains a Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data | 2018-11-22 |
| CVE | CVE-2018-13348 | The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining afte | 2018-11-22 |
| CVE | CVE-2018-13346 | The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the origina | 2018-11-22 |
| CVE | CVE-2018-13347 | mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002. | 2018-11-22 |
| CVE | CVE-2017-1000116 | Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks. | 2018-11-22 |
| CVE | CVE-2017-1000115 | Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository | 2018-11-22 |
| CVE | CVE-2017-17458 | In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a | 2018-11-22 |
| CVE | CVE-2017-9462 | In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary cod | 2018-11-22 |
| CVE | CVE-2016-3630 | remote code execution in binary delta decoding | 2018-11-22 |
| CVE | CVE-2016-3105 | The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name. | 2018-11-22 |
About
-
Send Feedback to @ubuntu_updates
