Published: 06 July 2018
mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002.
From the Ubuntu security team
It wa discovered that Mercurial incorrectly handled integer addition and subtraction. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
CVSS 3 base score: 9.8