oss-sec mailing list archives
Re: CVE Request -- Arbitrary command execution in mercurial repo with a git submodule
From: Salvatore Bonaccorso <carnil () debian org>
Date: Sun, 10 Dec 2017 17:33:30 +0100
Hi On Thu, Dec 07, 2017 at 04:53:44PM +0800, feer james wrote:
Hello mitre, I'd like to request a cve id for this vulnerability. *Vulnerability Details:* https://bz.mercurial-scm.org/show_bug.cgi?id=5730 *Offical fix release:* https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.4.1_.282017-11-07.29
FTR, this issue was later on assigned CVE-2017-17458. @Terry, CVEs cannot be requested anymore via mailing oss-security, rather filling the request via https://cveform.mitre.org/ for future requests. Regards, Salvatore
Current thread:
- CVE Request -- Arbitrary command execution in mercurial repo with a git submodule feer james (Dec 07)
- Re: CVE Request -- Arbitrary command execution in mercurial repo with a git submodule Salvatore Bonaccorso (Dec 10)