{"id":"MGASA-2016-0172","summary":"Updated mercurial packages fix security vulnerability","details":"This update fixes possible arbitrary code execution when converting Git\nrepos. Mercurial prior to 3.8 allowed arbitrary code execution when using\nthe convert extension on Git repos with hostile names. This could affect\nautomated code conversion services that allow arbitrary repository names.\nThis is a further side-effect of Git CVE-2015-7545. Reported and fixed by\nBlake Burkhart.\n","modified":"2026-04-16T06:24:23.955906921Z","published":"2016-05-12T20:00:19Z","upstream":["CVE-2016-3105"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2016-0172.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=18363"},{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2016-3105"},{"type":"WEB","url":"https://selenic.com/hg/rev/a56296f55a5e"}],"affected":[{"package":{"name":"mercurial","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/mercurial?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.1.1-5.2.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0172.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}