Arch Linux

Please read this before reporting a bug:

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!

FS#49239 - [mercurial] CVE-2016-3105: arbitrary code execution in mercurial < 3.8

Attached to Project: Arch Linux
Opened by Remi Gacogne (rgacogne) - Friday, 06 May 2016, 21:28 GMT
Last edited by Antonio Rojas (arojas) - Friday, 06 May 2016, 21:33 GMT
Task Type Bug Report
Category Security
Status Closed
Assigned To No-one
Architecture All
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No



A security issue leading to arbitrary code execution [1] has been fixed in mercurial 3.8 [2], and could be remotely exploited in some setups.
It would be nice if we could upgrade to 3.8.1 (released immediately after 3.8 to correct a release oversight).


This task depends upon

Closed by  Antonio Rojas (arojas)
Friday, 06 May 2016, 21:33 GMT
Reason for closing:  Fixed