Debian 9859 Published by

Updated mercurial packages are available for Debian 7 LTS



Package : mercurial
Version : 2.2.2-4+deb7u3
CVE ID : CVE-2016-3105

Blake Burkhart discovered an arbitrary code execution flaw in
Mercurial, a distributed version control system, when using the convert
extension on Git repositories with specially crafted names. This flaw in
particular affects automated code conversion services that allow
arbitrary repository names.

Patches are taken from the Jessie version.