Описание
Security update for mercurial
This update for mercurial fixes the following issue:
- CVE-2018-1000132: Remote attackers may bypass HTTP server permissions via batch wire protocol commands (bsc#1085211)
Список пакетов
openSUSE Leap 42.3
mercurial-4.2.3-12.1
mercurial-lang-4.2.3-12.1
Ссылки
- E-Mail link for openSUSE-SU-2018:0917-1
- SUSE Security Ratings
Описание
Mercurial version 4.5 and earlier contains a Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in 4.5.1.
Затронутые продукты
openSUSE Leap 42.3:mercurial-4.2.3-12.1
openSUSE Leap 42.3:mercurial-lang-4.2.3-12.1
Ссылки
- CVE-2018-1000132
- SUSE Bug 1085211