Advisories ยป MGASA-2017-0182

Updated mercurial packages fix security vulnerability

Publication date: 26 Jun 2017
Modification date: 26 Jun 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-9462

Description

In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated
users to launch the Python debugger, and consequently execute arbitrary
code, by using --debugger as a repository name.
                

References

SRPMS

5/core