VDB

GCVE-110-MAGEIA-2016-138

GCVE-110-MAGEIA-2016-138
Advisory Published
Vulnetix · Advisory published April 13, 2016
Updated mercurial packages fix security vulnerabilities: Blake Burkhart discovered that Mercurial allows URLs for Git subrepositories that could result in arbitrary code execution on clone (CVE-2016-3068). Blake Burkhart discovered that Mercurial allows arbitrary code execution when converting Git repositories with specially crafted names (CVE-2016-3069). It was discovered that Mercurial does not properly perform bounds-checking in its binary delta decoder, which may be exploitable for remote code execution via clone, push or pull (CVE-2016-3630).

Affected Products

VendorProductVersionsPlatforms
Mageiamercurial0 (affected), 3.1.1-5.1.mga5 (unaffected), 0 (affected), 3.1.1-5.1.mga5 (unaffected)
Mageiatimezone0 (affected), * (unaffected)

Browse GCVE Records

72,921 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›