Bug 640560 - dev-vcs/mercurial: Remote arbitrary code execution vulnerability
Summary: dev-vcs/mercurial: Remote arbitrary code execution vulnerability
Status: RESOLVED DUPLICATE of bug 636704
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard: B2 [stable?]
Keywords:
Depends on:
Blocks:
 
Reported: 2017-12-10 16:51 UTC by GLSAMaker/CVETool Bot
Modified: 2017-12-10 16:51 UTC

See Also:
Package list:
Runtime testing required: ---


Description GLSAMaker/CVETool Bot gentoo-dev 2017-12-10 16:51:08 UTC
CVE-2017-17458 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-17458):
  In Mercurial before 4.4.1, it is possible that a specially malformed
  repository can cause Git subrepositories to run arbitrary code in the form
  of a .git/hooks/post-update script checked into the repository. Typical use
  of Mercurial prevents construction of such repositories, but they can be
  created programmatically.
Comment 1 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-12-10 16:51:46 UTC

*** This bug has been marked as a duplicate of bug 636704 ***