Download
| Alert*
oval:org.secpod.oval:def:1504164
[2.6.2-10] - Add missing hunk for CVE-2018-13347 patch - Related: CVE-2018-13347 [2.6.2-9] - Fix various CVEs - Resolves: CVE-2018-1000132 CVE-2018-13346 CVE-2018-13347 oval:org.secpod.oval:def:205349 Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects. Security Fix: * mercurial: Buffer underflow in mpatch.c:mpatch_apply * mercurial: HTTP server permissions bypass * mercurial: Missing check for fragment start posit ... oval:org.secpod.oval:def:2101161 Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository oval:org.secpod.oval:def:503238 Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects. Security Fix: * mercurial: Buffer underflow in mpatch.c:mpatch_apply * mercurial: HTTP server permissions bypass * mercurial: Missing check for fragment start posit ... oval:org.secpod.oval:def:2000810 Mercurial version 4.5 and earlier contains a Incorrect Access Control vulnerability in Protocol server that can result in Unauthorized data access. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in 4.5.1. oval:org.secpod.oval:def:2103509 In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. Typical use of Mercurial prevents construction of such repositories, but they can be created ... |