Updated mercurial packages fix security vulnerability
Publication date: 26 Jun 2017Modification date: 26 Jun 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-9462
Description
In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name.
References
SRPMS
5/core
- mercurial-3.1.1-5.3.mga5