Candidate: CVE-2010-4237
PublicDate: 2019-10-29 19:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4237
Description:
 Mercurial before 1.6.4 fails to verify the Common Name field of SSL
 certificates which allows remote attackers who acquire a certificate signed
 by a Certificate Authority to perform a man-in-the-middle attack.
Ubuntu-Description:
Notes:
 sbeattie> may not be an issue for lucid and earlier due to python being
 sbeattie> v2.6 or older
Bugs:
 http://bz.selenic.com/show_bug.cgi?id=2407
 https://bugzilla.redhat.com/show_bug.cgi?id=641373
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598841
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N [5.9 MEDIUM]

Patches_mercurial:
 upstream: http://selenic.com/repo/hg-stable/diff/f2937d6492c5/mercurial/url.py
upstream_mercurial: released (1.6.4)
hardy_mercurial: ignored (reached end-of-life)
lucid_mercurial: ignored (reached end-of-life)
natty_mercurial: not-affected (1.6.4-1)
oneiric_mercurial: not-affected (1.6.4-1)
precise_mercurial: not-affected (1.6.4-1)
quantal_mercurial: not-affected (1.6.4-1)
raring_mercurial: not-affected (1.6.4-1)
saucy_mercurial: not-affected (1.6.4-1)
devel_mercurial: not-affected (1.6.4-1)