Updated mercurial packages fix security vulnerability
Publication date: 06 Sep 2019Modification date: 06 Sep 2019
Type: security
Affected Mageia releases : 6 , 7
CVE: CVE-2019-3902
Description
It was discovered that Mercurial mishandled symlinks in subrepositories. An attacker could use this vulnerability to write arbitrary files to the target’s filesystem (CVE-2019-3902).
References
SRPMS
6/core
- mercurial-4.9.1-1.mga6
7/core
- mercurial-4.9.1-1.mga7