Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2016-3630

The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records.

Related bugs and status

CVE-2016-3630 (Candidate) is related to these bugs:

Bug #1759366: Multiple Mercurial CVEs have been announced

		In	Importance	Status
1759366	Multiple Mercurial CVEs have been announced	mercurial (Ubuntu)	High	Fix Released
1759366	Multiple Mercurial CVEs have been announced	mercurial (Ubuntu Xenial)	High	Confirmed
1759366	Multiple Mercurial CVEs have been announced	mercurial (Ubuntu Trusty)	High	Confirmed

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://selenic.com/re...
CONFIRM: https://selenic.com/re...
CONFIRM: https://www.mercurial-...
DEBIAN: DSA-3542
FEDORA: FEDORA-2016-79604dde9f
FEDORA: FEDORA-2016-b7f1f8e3bf
SUSE: SUSE-SU-2016:1010
SUSE: SUSE-SU-2016:1011
SUSE: openSUSE-SU-2016:1016
SUSE: openSUSE-SU-2016:1073
CONFIRM: http://www.oracle.com/...
GENTOO: GLSA-201612-19