Candidate: CVE-2018-13346
PublicDate: 2018-07-06 00:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13346
 https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29
 https://www.mercurial-scm.org/repo/hg/rev/faa924469635
Description:
 The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly
 proceeds in cases where the fragment start is past the end of the original
 data, aka OVE-20180430-0004.
Ubuntu-Description:
 It was discovered that Mercurial incorrectly handled patch data. An attacker
 could possibly use this issue to cause a denial of service or other
 unspecified impact.
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901050
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N [7.5 HIGH]

Patches_mercurial:
upstream_mercurial: released (4.6.1-1)
precise/esm_mercurial: DNE
trusty_mercurial: released (2.8.2-1ubuntu1.4)
trusty/esm_mercurial: released (2.8.2-1ubuntu1.4)
xenial_mercurial: released (3.7.3-1ubuntu1.1)
artful_mercurial: ignored (reached end-of-life)
bionic_mercurial: released (4.5.3-1ubuntu2.1)
cosmic_mercurial: not-affected (4.6.1-1ubuntu1)
devel_mercurial: not-affected (4.6.1-1ubuntu1)