Candidate: CVE-2016-3105
PublicDate: 2016-05-09 20:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3105
Description:
 The convert extension in Mercurial before 3.8 might allow context-dependent
 attackers to execute arbitrary code via a crafted git repository name.
Ubuntu-Description:
 It was discovered that Mercurial incorrectly handled git repository name.
 An attacker could possibly use this issue to execute arbitrary code.
Notes:
 sbeattie> fixed in 3.8.1
Bugs:
Priority: medium
Discovered-by: Blake Burkhart
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [8.8 HIGH]

Patches_mercurial:
upstream_mercurial: released (3.8.1-1)
precise_mercurial: ignored (reached end-of-life)
precise/esm_mercurial: DNE (precise was needs-triage)
trusty_mercurial: released (2.8.2-1ubuntu1.4)
trusty/esm_mercurial: released (2.8.2-1ubuntu1.4)
vivid/stable-phone-overlay_mercurial: DNE
vivid/ubuntu-core_mercurial: DNE
wily_mercurial: ignored (reached end-of-life)
xenial_mercurial: released (3.7.3-1ubuntu1.1)
yakkety_mercurial: not-affected (3.9.1-1)
zesty_mercurial: not-affected (3.9.1-1)
artful_mercurial: not-affected (3.9.1-1)
bionic_mercurial: not-affected (3.9.1-1)
cosmic_mercurial: not-affected (3.9.1-1)
devel_mercurial: not-affected (3.9.1-1)