Information on source package mercurial

Available versions

ReleaseVersion
jessie3.1.2-2+deb8u4
jessie (security)3.1.2-2+deb8u7
stretch (security)4.0-1+deb9u1
buster4.8.2-1+deb10u1
bullseye5.1.1-1
sid5.1.1-1

Open issues

BugjessiestretchbusterbullseyesidDescription
CVE-2019-3902fixedvulnerablefixedfixedfixedA flaw was found in Mercurial before 4.9. It was possible to use symli ...
CVE-2018-13348fixedvulnerablefixedfixedfixedThe mpatch_decode function in mpatch.c in Mercurial before 4.6.1 misha ...
CVE-2018-13347fixedvulnerablefixedfixedfixedmpatch.c in Mercurial before 4.6.1 mishandles integer addition and sub ...
CVE-2018-13346fixedvulnerablefixedfixedfixedThe mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorr ...
CVE-2018-1000132fixedvulnerablefixedfixedfixedMercurial version 4.5 and earlier contains a Incorrect Access Control ...
CVE-2017-17458fixedvulnerablefixedfixedfixedIn Mercurial before 4.4.1, it is possible that a specially malformed r ...

Open unimportant issues

BugjessiestretchbusterbullseyesidDescription
CVE-2018-17983fixedvulnerablefixedfixedfixedcext/manifest.c in Mercurial before 4.7.2 has an out-of-bounds read du ...

Resolved issues

BugDescription
CVE-2017-9462In Mercurial before 4.1.3, "hg serve --stdio" allows remote authentica ...
CVE-2017-1000116Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ...
CVE-2017-1000115Mercurial prior to version 4.3 is vulnerable to a missing symlink chec ...
CVE-2016-3630The binary delta decoder in Mercurial before 3.7.3 allows remote attac ...
CVE-2016-3105The convert extension in Mercurial before 3.8 might allow context-depe ...
CVE-2016-3069Mercurial before 3.7.3 allows remote attackers to execute arbitrary co ...
CVE-2016-3068Mercurial before 3.7.3 allows remote attackers to execute arbitrary co ...
CVE-2014-9462The _validaterepo function in sshpeer in Mercurial before 3.2.4 allows ...
CVE-2014-9390arbitrary command execution vulnerability on case-insensitive file systems
CVE-2010-4237
CVE-2008-4297Mercurial before 1.0.2 does not enforce the allowpull permission setti ...
CVE-2008-2942Directory traversal vulnerability in patch.py in Mercurial 1.0.1 allow ...

Security announcements

DSA / DLADescription
DLA-1764-1mercurial - security update
DLA-1414-2mercurial - regression update
DLA-1414-1mercurial - security update
DLA-1331-1mercurial - security update
DLA-1224-1mercurial - security update
DSA-3963-1mercurial - security update
DSA-3963-1mercurial - security update
DLA-1072-1mercurial - security update
DLA-1005-1mercurial - security update
DLA-459-1mercurial - security update
DSA-3570-1mercurial - security update
DSA-3542-1mercurial - security update
DSA-3542-1mercurial - security update
DLA-237-1mercurial - security update
DSA-3257-1mercurial - security update
DSA-3257-1mercurial - security update

Search for package or bug name: Reporting problems