Following commit fixes code injection issue in Mercurial: http://selenic.com/hg/rev/e3f30068d2eb Detailed description of the attack vector is available here: http://chargen.matasano.com/chargen/2015/3/17/this-new-vulnerability-mercurial-command-injection-cve-2014-9462.html
Created mercurial tracking bugs for this issue: Affects: fedora-all [bug 1204811]
Statement: Red Hat Product Security has rated this issue as having moderate security impact. This issue is not currently planned to be addressed in future updates.