mercurial-1.4-5.AXS4
エラータID: AXSA:2017-1710:01
Release date:
Tuesday, June 27, 2017 - 12:57
Subject:
mercurial-1.4-5.AXS4
Affected Channels:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
High
Description:
Mercurial is a fast, lightweight source control management system designed
for efficient handling of very large distributed projects.
Quick start: http://www.selenic.com/mercurial/wiki/index.cgi/QuickStart
Tutorial: http://www.selenic.com/mercurial/wiki/index.cgi/Tutorial
Extensions: http://www.selenic.com/mercurial/wiki/index.cgi/CategoryExtension
Security issues fixed with this release:
CVE-2017-9462
In Mercurial before 4.1.3, "hg serve --stdio" allows remote
authenticated users to launch the Python debugger, and consequently
execute arbitrary code, by using --debugger as a repository name.
Solution:
Update packages.
CVEs:
CVE-2017-9462
In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name.
In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name.
Additional Info:
N/A
Download:
SRPMS
- mercurial-1.4-5.AXS4.src.rpm
MD5: 70513b929742e4347272ad83352ae9bb
SHA-256: 2628d03b318aabd7057f1b897c731cec8c17dbdb09dc94450c0c5f9b895a1524
Size: 1.85 MB
Asianux Server 4 for x86
- mercurial-1.4-5.AXS4.i686.rpm
MD5: d1a36d7af99873ae2c8d2bf4b690322f
SHA-256: e6b4674885fc15e723ebb1add90020df0099c303776bc7670a003470fdeb3d90
Size: 1.47 MB
Asianux Server 4 for x86_64
- mercurial-1.4-5.AXS4.x86_64.rpm
MD5: 5759457c40291d035750a4b4a85075e9
SHA-256: 44bfaee5cdbb9d5d0cd58565d5edd08fe19f29ee2c6cfcc580ad52a120b9b04b
Size: 1.47 MB