
[SECURITY] [DLA 237-1] mercurial security update

Package        : mercurial
Version        : 1.6.4-1+deb6u1
CVE ID         : CVE-2014-9390 CVE-2014-9462


CVE-2014-9462

    Jesse Hertz of Matasano Security discovered that Mercurial, a
    distributed version control system, is prone to a command injection
    vulnerability via a crafted repository name in a clone command.


CVE-2014-9390

    This is a security vulnerability that affects Mercurial repositories
    on a case-insensitive filesystem (e.g. VFAT or HFS+).  It allows
    remote code execution via a specially crafted repository.  This is
    less severe for the average Debian installation, as these are usually
    set up with case-sensitive filesystems.
