Search for packages
| purl | pkg:ebuild/dev-vcs/mercurial@3.8.4 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-5e12-c4fx-rfa3 | The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name. |
CVE-2016-3105
GHSA-49cw-434h-qc57 PYSEC-2016-28 |
| VCID-6jye-8j2x-2bgp | The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records. |
CVE-2016-3630
GHSA-9vjf-jjcq-3gh7 PYSEC-2016-29 |
| VCID-j1c4-rux6-wygr | Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem. |
CVE-2014-9390
GHSA-6vvc-c2m3-cjf3 PYSEC-2020-217 |
| VCID-qs77-k84k-qfam | Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository. |
CVE-2016-3068
GHSA-j7c2-rqm3-c97m PYSEC-2016-26 |
| VCID-tks6-8etr-mkf1 | The _validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via a crafted repository name in a clone command. |
CVE-2014-9462
GHSA-3pmw-h7j4-rf54 PYSEC-2015-14 |
| VCID-znz1-y81d-zfff | Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository. |
CVE-2016-3069
GHSA-8fm8-7365-5rh2 PYSEC-2016-27 |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T13:02:15.787655+00:00 | Gentoo Importer | Fixing | VCID-6jye-8j2x-2bgp | https://security.gentoo.org/glsa/201612-19 | 38.0.0 |
| 2026-04-01T13:02:15.777018+00:00 | Gentoo Importer | Fixing | VCID-5e12-c4fx-rfa3 | https://security.gentoo.org/glsa/201612-19 | 38.0.0 |
| 2026-04-01T13:02:15.765989+00:00 | Gentoo Importer | Fixing | VCID-znz1-y81d-zfff | https://security.gentoo.org/glsa/201612-19 | 38.0.0 |
| 2026-04-01T13:02:15.755000+00:00 | Gentoo Importer | Fixing | VCID-qs77-k84k-qfam | https://security.gentoo.org/glsa/201612-19 | 38.0.0 |
| 2026-04-01T13:02:15.745395+00:00 | Gentoo Importer | Fixing | VCID-tks6-8etr-mkf1 | https://security.gentoo.org/glsa/201612-19 | 38.0.0 |
| 2026-04-01T13:02:15.736051+00:00 | Gentoo Importer | Fixing | VCID-j1c4-rux6-wygr | https://security.gentoo.org/glsa/201612-19 | 38.0.0 |