VulnerableCode Package Details - pkg:deb/debian/mercurial@3.7.3-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-6jye-8j2x-2bgp	The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records.	CVE-2016-3630 GHSA-9vjf-jjcq-3gh7 PYSEC-2016-29
VCID-qs77-k84k-qfam	Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository.	CVE-2016-3068 GHSA-j7c2-rqm3-c97m PYSEC-2016-26
VCID-znz1-y81d-zfff	Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository.	CVE-2016-3069 GHSA-8fm8-7365-5rh2 PYSEC-2016-27

Vulnerability

Summary

Aliases

VCID-6jye-8j2x-2bgp

The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records.

CVE-2016-3630
GHSA-9vjf-jjcq-3gh7
PYSEC-2016-29

VCID-qs77-k84k-qfam

Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository.

CVE-2016-3068
GHSA-j7c2-rqm3-c97m
PYSEC-2016-26

VCID-znz1-y81d-zfff

Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository.

CVE-2016-3069
GHSA-8fm8-7365-5rh2
PYSEC-2016-27

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T12:42:36.971939+00:00	Debian Importer	Fixing	VCID-6jye-8j2x-2bgp	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:01:43.318617+00:00	Debian Importer	Fixing	VCID-qs77-k84k-qfam	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:15:11.758747+00:00	Debian Importer	Fixing	VCID-znz1-y81d-zfff	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T08:42:49.299992+00:00	Debian Importer	Fixing	VCID-6jye-8j2x-2bgp	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:25:50.507165+00:00	Debian Importer	Fixing	VCID-znz1-y81d-zfff	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:29:12.381383+00:00	Debian Importer	Fixing	VCID-qs77-k84k-qfam	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:45:56.481235+00:00	Debian Importer	Fixing	VCID-6jye-8j2x-2bgp	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:45:56.377808+00:00	Debian Importer	Fixing	VCID-znz1-y81d-zfff	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:45:56.321852+00:00	Debian Importer	Fixing	VCID-qs77-k84k-qfam	https://security-tracker.debian.org/tracker/data/json	38.1.0