Overview

File _patchinfo of Package patchinfo.7125

<patchinfo incident="7125">
  <issue id="1053344" tracker="bnc" />
  <issue id="1052696" tracker="bnc">VUL-0: CVE-2017-1000116: mercurial: client-side code execution via argument injection in SSH URLs</issue>
  <issue id="2017-1000116" tracker="cve" />
  <issue id="2017-1000115" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>tiwai</packager>
  <description>This update for mercurial fixes the following issues:

Mercurial was updated to 4.2.3, a security fix update for 
- CVE-2017-1000115: Incomplete symlink auditing allowed writing to files outside of the repository (boo#1053344)
- CVE-2017-1000116: Client-side code execution via argument injection in SSH URLs (boo#1052696)
</description>
  <summary>Security update for mercurial</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places