Synopsis: Important: mercurial security update
Advisory ID: SLSA-2016:0706-1
Issue Date: 2016-05-02
CVE Numbers: CVE-2016-3068
CVE-2016-3069
—
Security Fix(es):
* It was discovered that Mercurial failed to properly check Git sub-
repository URLs. A Mercurial repository that includes a Git sub-repository
with a specially crafted URL could cause Mercurial to execute arbitrary
code. (CVE-2016-3068)
* It was discovered that the Mercurial convert extension failed to
sanitize special characters in Git repository names. A Git repository with
a specially crafted name could cause Mercurial to execute arbitrary code
when the Git repository was converted to a Mercurial repository.
(CVE-2016-3069)
—
SL7
x86_64
emacs-mercurial-2.6.2-6.el7_2.x86_64.rpm
emacs-mercurial-el-2.6.2-6.el7_2.x86_64.rpm
mercurial-2.6.2-6.el7_2.x86_64.rpm
mercurial-debuginfo-2.6.2-6.el7_2.x86_64.rpm
mercurial-hgk-2.6.2-6.el7_2.x86_64.rpm
– Scientific Linux Development Team