Candidate: CVE-2014-9462
PublicDate: 2015-03-31 14:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9462
 http://chargen.matasano.com/chargen/2015/3/17/this-new-vulnerability-mercurial-command-injection-cve-2014-9462.html
 http://selenic.com/hg/rev/e3f30068d2eb
Description:
 The _validaterepo function in sshpeer in Mercurial before 3.2.4 allows
 remote attackers to execute arbitrary commands via a crafted repository
 name in a clone command.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_mercurial:
upstream_mercurial: needs-triage
lucid_mercurial: ignored (reached end-of-life)
precise_mercurial: released (2.0.2-1ubuntu1.2)
trusty_mercurial: released (2.8.2-1ubuntu1.3)
trusty/esm_mercurial: released (2.8.2-1ubuntu1.3)
utopic_mercurial: released (3.1.1-1ubuntu0.2)
vivid_mercurial: released (3.1.2-2+deb8u1build0.15.04.2)
devel_mercurial: released (3.4-1ubuntu2)