Debian Security Advisory
DSA-3570-1 mercurial -- security update
- Date Reported:
- 05 May 2016
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2016-3105.
- More information:
Blake Burkhart discovered an arbitrary code execution flaw in Mercurial, a distributed version control system, when using the convert extension on Git repositories with specially crafted names. This flaw in particular affects automated code conversion services that allow arbitrary repository names.
For the stable distribution (jessie), this problem has been fixed in version 3.1.2-2+deb8u3.
For the unstable distribution (sid), this problem has been fixed in version 3.8.1-1.
We recommend that you upgrade your mercurial packages.