Source: mercurial Version: 3.7.2-2 Severity: grave Tags: security upstream fixed-upstream
Hi, the following vulnerabilities were published for mercurial. CVE-2016-3068[0]: arbitrary code execution with Git subrepos CVE-2016-3069[1]: arbitrary code execution when converting Git repos CVE-2016-3630[2]: remote code execution in binary delta decoding If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-3068 [1] https://security-tracker.debian.org/tracker/CVE-2016-3069 [2] https://security-tracker.debian.org/tracker/CVE-2016-3630 [3] https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29 Please adjust the affected versions in the BTS as needed. Regards, Salvatore