This script is Copyright (C) 2017 Tenable Network Security, Inc.
The remote FreeBSD host is missing a security-related update.
Mercurial Release Notes :
Mercurial's symlink auditing was incomplete prior to 4.3, and could be
abused to write to files outside the repository.
Mercurial was not sanitizing hostnames passed to ssh, allowing shell
injection attacks on clients by specifying a hostname starting with
-oProxyCommand. This is also present in Git (CVE-2017-1000117) and
Subversion (CVE-2017-9800), so please patch those tools as well if you
have them installed.
See also :
Update the affected package.
Risk factor :
High / CVSS Base Score : 7.5