Updated mercurial packages fix security vulnerabilities
Publication date: 19 Aug 2017Type: security
Affected Mageia releases : 6
CVE: CVE-2017-1000115 , CVE-2017-1000116
Description
Mercurial was not sanitizing hostnames passed to ssh, allowing shell injection attacks by specifying a hostname starting with -oProxyCommand.
References
SRPMS
6/core
- mercurial-4.1.3-1.1.mga6