Information on source package mercurial

Available versions

ReleaseVersion
wheezy2.2.2-4+deb7u2
wheezy (security)2.2.2-4+deb7u5
jessie3.1.2-2+deb8u3
jessie (security)3.1.2-2+deb8u4
stretch (security)4.0-1+deb9u1
buster4.3.1-3
sid4.4.1-1

Open issues

BugwheezyjessiestretchbustersidDescription
CVE-2017-9462fixedvulnerable (no DSA)fixedfixedfixedIn Mercurial before 4.1.3, "hg serve --stdio" allows remote ...

Resolved issues

BugDescription
CVE-2017-1000116Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ...
CVE-2017-1000115Mercurial prior to version 4.3 is vulnerable to a missing symlink ...
CVE-2016-3630The binary delta decoder in Mercurial before 3.7.3 allows remote ...
CVE-2016-3105The convert extension in Mercurial before 3.8 might allow ...
CVE-2016-3069Mercurial before 3.7.3 allows remote attackers to execute arbitrary ...
CVE-2016-3068Mercurial before 3.7.3 allows remote attackers to execute arbitrary ...
CVE-2014-9462The _validaterepo function in sshpeer in Mercurial before 3.2.4 allows ...
CVE-2014-9390arbitrary command execution vulnerability on case-insensitive file systems
CVE-2010-4237
CVE-2008-4297Mercurial before 1.0.2 does not enforce the allowpull permission ...
CVE-2008-2942Directory traversal vulnerability in patch.py in Mercurial 1.0.1 ...

Security announcements

DSA / DLADescription
DSA-3963-1mercurial - security update
DSA-3963-1mercurial - security update
DLA-1072-1mercurial - security update
DLA-1005-1mercurial - security update
DLA-459-1mercurial - security update
DSA-3570-1mercurial - security update
DSA-3542-1mercurial - security update
DSA-3542-1mercurial - security update
DLA-237-1mercurial - security update
DSA-3257-1mercurial - security update
DSA-3257-1mercurial - security update

Search for package or bug name: Reporting problems