Blake Burkhart discovered an arbitrary code execution flaw in Mercurial, a distributed version control system, when using the convert extension on Git repositories with specially crafted names. This flaw in particular affects automated code conversion services that allow arbitrary repository names. For the stable distribution (jessie), this problem has been fixed in version 3.1.2-2+deb8u3. For the unstable distribution (sid), this problem has been fixed in version 3.8.1-1. We recommend that you upgrade your mercurial packages.
Blake Burkhart discovered an arbitrary code execution flaw in Mercurial, a distributed version control system, when using the convert extension on Git repositories with specially crafted names. This flaw in particular affects automated code conversion services that allow arbitrary repository names.
For the stable distribution (jessie), this problem has been fixed in version 3.1.2-2+deb8u3.
For the unstable distribution (sid), this problem has been fixed in version 3.8.1-1.
We recommend that you upgrade your mercurial packages.
Vulmon