Back to bug 1320155
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Adam Mariš | 2016-03-22 12:37:54 UTC | CC | security-response-team | |
| Red Hat Bugzilla | 2016-03-22 12:37:54 UTC | Doc Type | --- | Bug Fix |
| Adam Mariš | 2016-03-22 12:42:25 UTC | Blocks | 1319772 | |
| Adam Mariš | 2016-04-04 08:11:32 UTC | Blocks | 1322269 | |
| CC | anemec | |||
| Adam Mariš | 2016-04-04 08:12:38 UTC | Summary | EMBARGOED mercurial: Command execution vulnerabilities in Convert extension | EMBARGOED CVE-2016-3069 mercurial: Command execution vulnerabilities in Convert extension |
| Alias | CVE-2016-3069 | |||
| Whiteboard | impact=moderate,public=no,reported=20160321,source=researcher,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,cwe=CWE-77,rhel-6/mercurial=new,rhel-7/mercurial=new,fedora-all/mercurial=affected | impact=moderate,public=20160329,reported=20160321,source=researcher,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,cwe=CWE-77,rhel-6/mercurial=new,rhel-7/mercurial=new,fedora-all/mercurial=affected | ||
| Adam Mariš | 2016-04-04 08:13:20 UTC | Summary | EMBARGOED CVE-2016-3069 mercurial: Command execution vulnerabilities in Convert extension | CVE-2016-3069 mercurial: Command execution vulnerabilities in Convert extension |
| Adam Mariš | 2016-04-04 08:13:22 UTC | Group | security, qe_staff | |
| Adam Mariš | 2016-04-04 08:14:15 UTC | Depends On | 1323600 | |
| Tomas Hoger | 2016-04-14 11:31:30 UTC | Fixed In Version | mercurial 3.7.3 | |
| Summary | CVE-2016-3069 mercurial: Command execution vulnerabilities in Convert extension | CVE-2016-3069 mercurial: convert extension command injection via git repository names | ||
| Whiteboard | impact=moderate,public=20160329,reported=20160321,source=researcher,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,cwe=CWE-77,rhel-6/mercurial=new,rhel-7/mercurial=new,fedora-all/mercurial=affected | impact=moderate,public=20160329,reported=20160321,source=researcher,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,cwe=CWE-77,rhel-6/mercurial=wontfix,rhel-7/mercurial=affected,fedora-all/mercurial=affected | ||
| Tomas Hoger | 2016-04-14 11:34:24 UTC | Depends On | 1327167 | |
| Tomas Hoger | 2016-04-14 11:34:29 UTC | Depends On | 1327168 | |
| Tomas Hoger | 2016-04-14 11:42:56 UTC | Doc Text | It was discovered that the mercurial convert extension failed to sanitize special characters in git repository names. A git repository with a specially-crafted name could cause mercurial to execute arbitrary code when git repository was converted to a mercurial repository. | |
| Tomas Hoger | 2016-04-18 13:59:34 UTC | Doc Text | It was discovered that the mercurial convert extension failed to sanitize special characters in git repository names. A git repository with a specially-crafted name could cause mercurial to execute arbitrary code when git repository was converted to a mercurial repository. | It was discovered that the Mercurial convert extension failed to sanitize special characters in Git repository names. A Git repository with a specially-crafted name could cause Mercurial to execute arbitrary code when the Git repository was converted to a Mercurial repository. |
| Martin Prpič | 2016-04-18 14:00:38 UTC | Doc Text | It was discovered that the Mercurial convert extension failed to sanitize special characters in Git repository names. A Git repository with a specially-crafted name could cause Mercurial to execute arbitrary code when the Git repository was converted to a Mercurial repository. | It was discovered that the Mercurial convert extension failed to sanitize special characters in Git repository names. A Git repository with a specially crafted name could cause Mercurial to execute arbitrary code when the Git repository was converted to a Mercurial repository. |
| Tomas Hoger | 2016-05-02 13:02:42 UTC | Status | NEW | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2016-05-02 09:02:42 UTC | |||
| Product Security DevOps Team | 2019-09-29 13:46:44 UTC | Whiteboard | impact=moderate,public=20160329,reported=20160321,source=researcher,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,cwe=CWE-77,rhel-6/mercurial=wontfix,rhel-7/mercurial=affected,fedora-all/mercurial=affected |
Back to bug 1320155