GLSA Advocate
Posted: Wed Dec 07, 2016 2:26 pm
Post subject: [ GLSA 201612-19 ] Mercurial
Gentoo Linux Security Advisory
Title: Mercurial: Multiple vulnerabilities (GLSA 201612-19)
Severity: normal
Exploitable: remote
Date: December 07, 2016
Bug(s): #533008, #544332, #578546, #582238
ID: 201612-19
Synopsis
Multiple vulnerabilities have been found in Mercurial, the worst of
which could lead to the remote execution of arbitrary code.
Background
Mercurial is a distributed source control management system.
Affected Packages
Package: dev-vcs/mercurial
Vulnerable: < 3.8.4
Unaffected: >= 3.8.4
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in Mercurial. Please
review the CVE identifiers and bug reports referenced for details.
Impact
A remote attacker could possibly execute arbitrary code with the
privileges of the process.
Workaround
There is no known workaround at this time.
Resolution
All mercurial users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-vcs/mercurial-3.8.4"
References
CVE-2014-9390
CVE-2014-9462
CVE-2016-3068
CVE-2016-3069
CVE-2016-3105
CVE-2016-3630