Security update for mercurial
This update for mercurial fixes the following issues:
Security issues fixed:
- CVE-2018-13346: Fix mpatch_apply function in mpatch.c that incorrectly proceeds in cases where the fragment start is past the end of the original data (bsc#1100354).
- CVE-2018-13347: Fix mpatch.c that mishandles integer addition and subtraction (bsc#1100355).
- CVE-2018-13348: Fix the mpatch_decode function in mpatch.c that mishandles certain situations where there should be at least 12 bytes remaining after thecurrent position in the patch data (bsc#1100353).
This update was imported from the SUSE:SLE-15:Update update project.
-
Submitted by
Takashi Iwai (tiwai)
Fixed bugs
bnc#1100353
VUL-0: CVE-2018-13348: mercurial: The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 mishandlescertain situations where there should be at least 12 bytes remaining after thecurrent position in the patch data, but actually ar
bnc#1100355
VUL-0: CVE-2018-13347: mercurial: mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction,aka OVE-20180430-0002.
bnc#1100354
VUL-0: CVE-2018-13346: mercurial: The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectlyproceeds in cases where the fragment start is past the end of the original data,aka OVE-20180430-0004.
