Showing 1 - 3 of 3

CVE-2016-3105

Status Candidate

Overview

The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name.

Gentoo Linux Security Advisory 201612-19: Posted Dec 7, 2016; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 201612-19 - Multiple vulnerabilities have been found in Mercurial, the worst of which could lead to the remote execution of arbitrary code. Versions less than 3.8.4 are affected.; tags | advisory, remote, arbitrary, vulnerability; systems | linux, gentoo; advisories | CVE-2014-9390, CVE-2014-9462, CVE-2016-3068, CVE-2016-3069, CVE-2016-3105, CVE-2016-3630; SHA-256 | 47c379d973e4969784c5bccded8e80c7573e79b6ec6f68d82c36130813ba786e; Download | Favorite | View

Debian Security Advisory 3570-1: Posted May 6, 2016; Authored by Debian | Site debian.org; Debian Linux Security Advisory 3570-1 - Blake Burkhart discovered an arbitrary code execution flaw in Mercurial, a distributed version control system, when using the convert extension on Git repositories with specially crafted names. This flaw in particular affects automated code conversion services that allow arbitrary repository names.; tags | advisory, arbitrary, code execution; systems | linux, debian; advisories | CVE-2016-3105; SHA-256 | 5ee35477cc8c27ba9e76dbf6cf3f79be71dfe919bab4cfba87ba09a641932ade; Download | Favorite | View

Slackware Security Advisory - mercurial Updates: Posted May 3, 2016; Authored by Slackware Security Team | Site slackware.com; Slackware Security Advisory - New mercurial packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.; tags | advisory; systems | linux, slackware; advisories | CVE-2016-3105; SHA-256 | 691ee2b30ae6b117b4855ba8e0f0dd25e513546845e8670049741f2b2fe52eb8; Download | Favorite | View

Page 1 of 1 Back 1 Next