Source: mercurial
Version: 4.6-2
Severity: grave
Tags: security upstream

For tracking purposes: mercurial 4.6.1 contains security fixes as denoted in:

https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29

> 1.1. Security Fixes
>
> Multiple issues found in mpatch.c with a fuzzer:
>
> OVE-20180430-0001
> OVE-20180430-0002
> OVE-20180430-0004
>
> With the following fixes:
>
> mpatch: be more careful about parsing binary patch data (SEC)
> mpatch: protect against underflow in mpatch_apply (SEC)
> mpatch: ensure fragment start isn't past the end of orig (SEC)
> mpatch: fix UB in int overflows in gather() (SEC)
> mpatch: fix UB integer overflows in discard() (SEC)
> mpatch: avoid integer overflow in mpatch_decode (SEC)
> mpatch: avoid integer overflow in combine() (SEC)
>
> No exploits are known at the time, however, it is highly recommended that all
> users upgrade.

No CVEs are yet assigned.

Regards,
Salvatore