exploitDog

SUSE-SU-2016:1443-1

Опубликовано: 30 мая 2016

Источник: suse-cvrf

Описание

Security update for mercurial

This update for mercurial fixes the following issues:

Security issues fixed:

CVE-2016-3105: Versionsprior to 3.8 allowed arbitrary code execution when using the convert extension on Git repo. (bsc#978391)

Список пакетов

SUSE Linux Enterprise Software Development Kit 11 SP4

mercurial-2.3.2-0.14.2

Ссылки

https://www.suse.com/support/update/announcement/2016/suse-su-20161443-1/
Link for SUSE-SU-2016:1443-1
https://lists.suse.com/pipermail/sle-security-updates/2016-May/002083.html
E-Mail link for SUSE-SU-2016:1443-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/978391
SUSE Bug 978391
https://www.suse.com/security/cve/CVE-2016-3105/
SUSE CVE CVE-2016-3105 page

Описание

The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name.

Затронутые продукты

SUSE Linux Enterprise Software Development Kit 11 SP4:mercurial-2.3.2-0.14.2

Ссылки

https://www.suse.com/security/cve/CVE-2016-3105.html
CVE-2016-3105
https://bugzilla.suse.com/978391
SUSE Bug 978391