Описание
Security update for mercurial
This update for mercurial fixes the following issues:
Security issues fixed:
- CVE-2018-13346: Fix mpatch_apply function in mpatch.c that incorrectly proceeds in cases where the fragment start is past the end of the original data (bsc#1100354).
- CVE-2018-13347: Fix mpatch.c that mishandles integer addition and subtraction (bsc#1100355).
- CVE-2018-13348: Fix the mpatch_decode function in mpatch.c that mishandles certain situations where there should be at least 12 bytes remaining after thecurrent position in the patch data (bsc#1100353).
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.0
mercurial-4.5.2-lp150.2.3.1
mercurial-lang-4.5.2-lp150.2.3.1
Ссылки
- E-Mail link for openSUSE-SU-2018:2132-1
- SUSE Security Ratings
Описание
The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data, aka OVE-20180430-0004.
Затронутые продукты
openSUSE Leap 15.0:mercurial-4.5.2-lp150.2.3.1
openSUSE Leap 15.0:mercurial-lang-4.5.2-lp150.2.3.1
Ссылки
- CVE-2018-13346
- SUSE Bug 1100354
Описание
mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002.
Затронутые продукты
openSUSE Leap 15.0:mercurial-4.5.2-lp150.2.3.1
openSUSE Leap 15.0:mercurial-lang-4.5.2-lp150.2.3.1
Ссылки
- CVE-2018-13347
- SUSE Bug 1100355
Описание
The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actually are not, aka OVE-20180430-0001.
Затронутые продукты
openSUSE Leap 15.0:mercurial-4.5.2-lp150.2.3.1
openSUSE Leap 15.0:mercurial-lang-4.5.2-lp150.2.3.1
Ссылки
- CVE-2018-13348
- SUSE Bug 1100353