CVE-2017-1000115

Published: 05 October 2017

Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can allow malicious repositories to modify files outside the repository.

From the Ubuntu security team

It was discovered that Mercurial incorrectly handled symlinks. An attacker could possibly use this issue to insert, edit or obtain sensitive information.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package: mercurial (Launchpad, Ubuntu, Debian)

Release: Status
Upstream: Released (4.3.1-1)
Ubuntu 18.04 LTS (Bionic Beaver): Not vulnerable
Ubuntu 16.04 ESM (Xenial Xerus): Released (3.7.3-1ubuntu1.1)
Ubuntu 14.04 ESM (Trusty Tahr): Released (2.8.2-1ubuntu1.4)