Information on source package mercurial

Available versions

ReleaseVersion
jessie3.1.2-2+deb8u4
jessie (security)3.1.2-2+deb8u6
stretch (security)4.0-1+deb9u1
buster4.7.2-1
sid4.8.1-2

Open issues

BugjessiestretchbustersidDescription
CVE-2018-17983fixedvulnerablefixedfixedcext/manifest.c in Mercurial before 4.7.2 has an out-of-bounds read ...
CVE-2018-13348fixedvulnerablefixedfixedThe mpatch_decode function in mpatch.c in Mercurial before 4.6.1 ...
CVE-2018-13347fixedvulnerablefixedfixedmpatch.c in Mercurial before 4.6.1 mishandles integer addition and ...
CVE-2018-13346fixedvulnerablefixedfixedThe mpatch_apply function in mpatch.c in Mercurial before 4.6.1 ...
CVE-2018-1000132fixedvulnerablefixedfixedMercurial version 4.5 and earlier contains a Incorrect Access Control ...
CVE-2017-17458fixedvulnerablefixedfixedIn Mercurial before 4.4.1, it is possible that a specially malformed ...

Resolved issues

BugDescription
CVE-2017-9462In Mercurial before 4.1.3, "hg serve --stdio" allows remote ...
CVE-2017-1000116Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ...
CVE-2017-1000115Mercurial prior to version 4.3 is vulnerable to a missing symlink ...
CVE-2016-3630The binary delta decoder in Mercurial before 3.7.3 allows remote ...
CVE-2016-3105The convert extension in Mercurial before 3.8 might allow ...
CVE-2016-3069Mercurial before 3.7.3 allows remote attackers to execute arbitrary ...
CVE-2016-3068Mercurial before 3.7.3 allows remote attackers to execute arbitrary ...
CVE-2014-9462The _validaterepo function in sshpeer in Mercurial before 3.2.4 allows ...
CVE-2014-9390arbitrary command execution vulnerability on case-insensitive file systems
CVE-2010-4237
CVE-2008-4297Mercurial before 1.0.2 does not enforce the allowpull permission ...
CVE-2008-2942Directory traversal vulnerability in patch.py in Mercurial 1.0.1 ...

Security announcements

DSA / DLADescription
DLA-1414-2mercurial - regression update
DLA-1414-1mercurial - security update
DLA-1331-1mercurial - security update
DLA-1224-1mercurial - security update
DSA-3963-1mercurial - security update
DSA-3963-1mercurial - security update
DLA-1072-1mercurial - security update
DLA-1005-1mercurial - security update
DLA-459-1mercurial - security update
DSA-3570-1mercurial - security update
DSA-3542-1mercurial - security update
DSA-3542-1mercurial - security update
DLA-237-1mercurial - security update
DSA-3257-1mercurial - security update
DSA-3257-1mercurial - security update

Search for package or bug name: Reporting problems