Back to bug 1319768

Who When What Removed Added
Adam Mariš 2016-03-21 13:27:43 UTC CC security-response-team
Red Hat Bugzilla 2016-03-21 13:27:43 UTC Doc Type --- Bug Fix
Adam Mariš 2016-03-21 13:32:57 UTC Summary EMBARGOED important EMBARGOED mercurial: Git ext:: URLs specified in Mercurial subrepositories allows RCE
Adam Mariš 2016-03-21 13:40:10 UTC Blocks 1319772
Adam Mariš 2016-04-04 08:08:02 UTC Blocks 1322269
CC anemec
Adam Mariš 2016-04-04 08:10:38 UTC Alias CVE-2016-3068
Whiteboard impact=important,public=no,reported=20160320,source=researcher,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-77,rhel-6/mercurial=new,rhel-7/mercurial=new,fedora-all/mercurial=affected impact=important,public=20160329,reported=20160320,source=researcher,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-77,rhel-6/mercurial=new,rhel-7/mercurial=new,fedora-all/mercurial=affected
Adam Mariš 2016-04-04 08:10:55 UTC Summary EMBARGOED mercurial: Git ext:: URLs specified in Mercurial subrepositories allows RCE EMBARGOED CVE-2016-3068 mercurial: Git ext:: URLs specified in Mercurial subrepositories allows RCE
Adam Mariš 2016-04-04 08:11:11 UTC Summary EMBARGOED CVE-2016-3068 mercurial: Git ext:: URLs specified in Mercurial subrepositories allows RCE CVE-2016-3068 mercurial: Git ext:: URLs specified in Mercurial subrepositories allows RCE
Adam Mariš 2016-04-04 08:11:13 UTC Group security, qe_staff
Adam Mariš 2016-04-04 08:13:04 UTC Depends On 1323599
Tomas Hoger 2016-04-14 11:27:31 UTC Fixed In Version mercurial 3.7.3
Whiteboard impact=important,public=20160329,reported=20160320,source=researcher,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-77,rhel-6/mercurial=new,rhel-7/mercurial=new,fedora-all/mercurial=affected impact=important,public=20160329,reported=20160320,source=researcher,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-77,rhel-6/mercurial=notaffected,rhel-7/mercurial=affected,fedora-all/mercurial=affected
Tomas Hoger 2016-04-14 11:29:01 UTC Summary CVE-2016-3068 mercurial: Git ext:: URLs specified in Mercurial subrepositories allows RCE CVE-2016-3068 mercurial: command injection via git subrepository urls
Tomas Hoger 2016-04-14 11:34:24 UTC Depends On 1327167
Tomas Hoger 2016-04-14 11:34:29 UTC Depends On 1327168
Tomas Hoger 2016-04-14 11:38:59 UTC Doc Text It was discovered that the mercurial failed to properly check git subrepository URLs. A mercurial repository with a git subrepository with a specially-crafted URL could cause mercurial to execute arbitrary code.
Petr Stodulka 2016-04-14 17:20:36 UTC Status NEW ASSIGNED
Petr Stodulka 2016-04-14 17:20:52 UTC Status ASSIGNED NEW
Martin Prpič 2016-04-18 13:07:03 UTC Doc Text It was discovered that the mercurial failed to properly check git subrepository URLs. A mercurial repository with a git subrepository with a specially-crafted URL could cause mercurial to execute arbitrary code. It was discovered that Mercurial failed to properly check Git sub-repository URLs. A Mercurial repository that includes a Git sub-repository with a specially crafted URL could cause Mercurial to execute arbitrary code.
Petr Stodulka 2016-04-19 07:48:34 UTC CC amaris
Flags needinfo?(amaris)
Tomas Hoger 2016-04-19 07:54:53 UTC Flags needinfo?(amaris)
Petr Stodulka 2016-04-19 13:32:57 UTC Flags needinfo?
Tomas Hoger 2016-04-19 18:06:48 UTC Flags needinfo?
Tomas Hoger 2016-05-02 13:02:14 UTC Status NEW CLOSED
Resolution --- ERRATA
Last Closed 2016-05-02 09:02:14 UTC
Petr Stodulka 2016-05-06 07:45:29 UTC Depends On 1322268
Adam Mariš 2016-11-08 15:53:40 UTC CC amaris
Product Security DevOps Team 2019-09-29 13:45:56 UTC Whiteboard impact=important,public=20160329,reported=20160320,source=researcher,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-77,rhel-6/mercurial=notaffected,rhel-7/mercurial=affected,fedora-all/mercurial=affected
