Candidate: CVE-2018-13347
PublicDate: 2018-07-06 00:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13347
 https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29
 https://www.mercurial-scm.org/repo/hg/rev/1acfc35d478c
 https://www.mercurial-scm.org/repo/hg-committed/log?rev=modifies%28%22mercurial%2Fmpatch.c%22%29+and+4.5%3A%3A
Description:
 mpatch.c in Mercurial before 4.6.1 mishandles integer addition and
 subtraction, aka OVE-20180430-0002.
Ubuntu-Description:
 It was discovered that Mercurial incorrectly handled integer addition and
 subtraction. An attacker could possibly use this issue to cause a denial of
 service or other unspecified impact.
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901050
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_mercurial:
upstream_mercurial: released (4.6.1-1)
precise/esm_mercurial: DNE
trusty_mercurial: released (2.8.2-1ubuntu1.4)
trusty/esm_mercurial: released (2.8.2-1ubuntu1.4)
xenial_mercurial: released (3.7.3-1ubuntu1.1)
artful_mercurial: ignored (reached end-of-life)
bionic_mercurial: released (4.5.3-1ubuntu2.1)
cosmic_mercurial: not-affected (4.6.1-1ubuntu1)
devel_mercurial: not-affected (4.6.1-1ubuntu1)