oss-sec mailing list archives

Re: CVE Request -- Arbitrary command execution in mercurial repo with a git submodule

From: Salvatore Bonaccorso <carnil () debian org>
Date: Sun, 10 Dec 2017 17:33:30 +0100

Hi

On Thu, Dec 07, 2017 at 04:53:44PM +0800, feer james wrote:

Hello mitre,

I'd like to request a cve id for this vulnerability.

*Vulnerability Details:*
https://bz.mercurial-scm.org/show_bug.cgi?id=5730

*Offical fix release:*
https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.4.1_.282017-11-07.29


FTR, this issue was later on assigned CVE-2017-17458.

@Terry, CVEs cannot be requested anymore via mailing oss-security,
rather filling the request via https://cveform.mitre.org/ for future
requests.

Regards,
Salvatore

Current thread:

CVE Request -- Arbitrary command execution in mercurial repo with a git submodule feer james (Dec 07)
- Re: CVE Request -- Arbitrary command execution in mercurial repo with a git submodule Salvatore Bonaccorso (Dec 10)