Advisories ยป MGASA-2017-0282

Updated mercurial packages fix security vulnerabilities

Publication date: 19 Aug 2017
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-1000115 , CVE-2017-1000116

Description

Mercurial was not sanitizing hostnames passed to ssh, allowing shell
injection attacks by specifying a hostname starting with -oProxyCommand.
                

References

SRPMS

6/core