summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSalvatore Bonaccorso <carnil@debian.org>2017-08-10 20:26:14 +0000
committerSalvatore Bonaccorso <carnil@debian.org>2017-08-10 20:26:14 +0000
commite3ed3b28941d43d26b4909493055d4412dc4dcda (patch)
treee6cb54fbdf198eede233d22b557e153068d06fb5
parent5d4f2fc8e570fccf5d2413ce36af1487df7c5c38 (diff)
Add set of commits for mercurial issue
I'm not sure if all yet belong to CVE-2017-1000116 but all are related to sanitize mercurial around command injection via malicious ssh URLs. git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@54573 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat
-rw-r--r--data/CVE/list11
1 files changed, 11 insertions, 0 deletions
diff --git a/data/CVE/list b/data/CVE/list
index d2709459e0..4dc1d23779 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -4,6 +4,17 @@ CVE-2017-1000117
CVE-2017-1000116 [command injection on clients through malicious ssh URLs]
- mercurial <unfixed> (bug #871710)
NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.282017-08-10.29
+ NOTE: https://www.mercurial-scm.org/repo/hg/rev/53224b1ffbc2
+ NOTE: https://www.mercurial-scm.org/repo/hg/rev/e10745311406
+ NOTE: https://www.mercurial-scm.org/repo/hg/rev/f93975a5ebe8
+ NOTE: https://www.mercurial-scm.org/repo/hg/rev/f9134e96ed0f
+ NOTE: https://www.mercurial-scm.org/repo/hg/rev/92b583e3e522
+ NOTE: https://www.mercurial-scm.org/repo/hg/rev/08cfc4baf3ba
+ NOTE: https://www.mercurial-scm.org/repo/hg/rev/55681baf4cf9
+ NOTE: https://www.mercurial-scm.org/repo/hg/rev/173ecccb9ee7
+ NOTE: https://www.mercurial-scm.org/repo/hg/rev/ca398a50ca00
+ NOTE: https://www.mercurial-scm.org/repo/hg/rev/00a75672a9cb
+ NOTE: https://www.mercurial-scm.org/repo/hg/rev/943c91326b23
CVE-2017-1000115 [path traversal via symlink]
- mercurial <unfixed> (bug #871709)
NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.282017-08-10.29

© 2014-2024 Faster IT GmbH | imprint | privacy policy