VDB
GCVE-110-MAGEIA-2016-138
GCVE-110-MAGEIA-2016-138
Advisory Published
Updated mercurial packages fix security vulnerabilities:
Blake Burkhart discovered that Mercurial allows URLs for Git subrepositories
that could result in arbitrary code execution on clone (CVE-2016-3068).
Blake Burkhart discovered that Mercurial allows arbitrary code execution when
converting Git repositories with specially crafted names (CVE-2016-3069).
It was discovered that Mercurial does not properly perform bounds-checking in
its binary delta decoder, which may be exploitable for remote code execution
via clone, push or pull (CVE-2016-3630).
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | mercurial | 0 (affected), 3.1.1-5.1.mga5 (unaffected), 0 (affected), 3.1.1-5.1.mga5 (unaffected) | — |
| Mageia | timezone | 0 (affected), * (unaffected) | — |
References
Browse GCVE Records
72,921 records in the GCVE database · Updated July 15, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.