Описание
Security update for mercurial
mercurial was updated to fix three security issues.
These security issues were fixed:
- CVE-2016-3069: Arbitrary code execution when converting Git repos (bsc#973176).
- CVE-2016-3068: Arbitrary code execution with Git subrepos (bsc#973177).
- CVE-2016-3630: Remote code execution in binary delta decoding (bsc#973175).
Список пакетов
openSUSE Leap 42.1
mercurial-3.5.1-3.1
mercurial-lang-3.5.1-3.1
Ссылки
- E-Mail link for openSUSE-SU-2016:1073-1
- SUSE Security Ratings
Описание
Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository.
Затронутые продукты
openSUSE Leap 42.1:mercurial-3.5.1-3.1
openSUSE Leap 42.1:mercurial-lang-3.5.1-3.1
Ссылки
- CVE-2016-3068
- SUSE Bug 973175
- SUSE Bug 973177
Описание
Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository.
Затронутые продукты
openSUSE Leap 42.1:mercurial-3.5.1-3.1
openSUSE Leap 42.1:mercurial-lang-3.5.1-3.1
Ссылки
- CVE-2016-3069
- SUSE Bug 973175
- SUSE Bug 973176
Описание
The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records.
Затронутые продукты
openSUSE Leap 42.1:mercurial-3.5.1-3.1
openSUSE Leap 42.1:mercurial-lang-3.5.1-3.1
Ссылки
- CVE-2016-3630
- SUSE Bug 973175