Описание
Security update for mercurial
This update for mercurial fixes the following issues:
Security issues fixed:
- CVE-2018-13346: Fix mpatch_apply function in mpatch.c that incorrectly proceeds in cases where the fragment start is past the end of the original data (bsc#1100354).
- CVE-2018-13347: Fix mpatch.c that mishandles integer addition and subtraction (bsc#1100355).
- CVE-2018-13348: Fix the mpatch_decode function in mpatch.c that mishandles certain situations where there should be at least 12 bytes remaining after thecurrent position in the patch data (bsc#1100353).
Список пакетов
SUSE Linux Enterprise Module for Development Tools 15
mercurial-4.5.2-3.3.1
Ссылки
- Link for SUSE-SU-2018:1998-1
- E-Mail link for SUSE-SU-2018:1998-1
- SUSE Security Ratings
- SUSE Bug 1100353
- SUSE Bug 1100354
- SUSE Bug 1100355
- SUSE CVE CVE-2018-13346 page
- SUSE CVE CVE-2018-13347 page
- SUSE CVE CVE-2018-13348 page
Описание
The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data, aka OVE-20180430-0004.
Затронутые продукты
SUSE Linux Enterprise Module for Development Tools 15:mercurial-4.5.2-3.3.1
Ссылки
- CVE-2018-13346
- SUSE Bug 1100354
Описание
mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002.
Затронутые продукты
SUSE Linux Enterprise Module for Development Tools 15:mercurial-4.5.2-3.3.1
Ссылки
- CVE-2018-13347
- SUSE Bug 1100355
Описание
The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actually are not, aka OVE-20180430-0001.
Затронутые продукты
SUSE Linux Enterprise Module for Development Tools 15:mercurial-4.5.2-3.3.1
Ссылки
- CVE-2018-13348
- SUSE Bug 1100353