CVE-2019-3902

Опубликовано: 22 апр. 2019

Источник: debian

Описание

A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
mercurial	fixed	4.9-1		package
mercurial	fixed	4.8.2-1+deb10u1	buster	package

Примечания

https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.9_.282019-02-01.29
https://www.mercurial-scm.org/repo/hg/rev/6c10eba6b9cd
https://www.mercurial-scm.org/repo/hg/rev/31286c9282df
https://www.mercurial-scm.org/repo/hg/rev/83377b4b4ae0

Связанные уязвимости

CVE-2019-3902

CVSS3: 5.1

ubuntu

почти 7 лет назад

A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository.

CVE-2019-3902

CVSS3: 5.1

redhat

почти 7 лет назад

A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository.

CVE-2019-3902

CVSS3: 5.1

nvd

почти 7 лет назад

A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository.

openSUSE-SU-2020:0880-1

suse-cvrf

больше 5 лет назад

Security update for mercurial

openSUSE-SU-2020:0869-1

suse-cvrf

больше 5 лет назад

Security update for mercurial