CVE-2014-9462

Published: 31 March 2015

The _validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via a crafted repository name in a clone command.

Priority

Medium

Status

Package Release Status
mercurial
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 14.04 ESM (Trusty Tahr)
Released (2.8.2-1ubuntu1.3)