FreeBSD : Mercurial -- multiple vulnerabilities (1d33cdee-7f6b-11e7-a9b5-3debb10a6871)
Critical Nessus Plugin ID 102465
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
Mercurial Release Notes:
Mercurial's symlink auditing was incomplete prior to 4.3, and could be abused to write to files outside the repository.
Mercurial was not sanitizing hostnames passed to ssh, allowing shell injection attacks on clients by specifying a hostname starting with -oProxyCommand. This is also present in Git (CVE-2017-1000117) and Subversion (CVE-2017-9800), so please patch those tools as well if you have them installed.
Solution
Update the affected package.
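A defensive check for the ssh hostname issue described above, as an added example that is not Mercurial's or the plugin's own code: it flags ssh:// repository URLs whose host part begins with a dash once percent-encoding is decoded, which is the form ssh would read as an option rather than a hostname. The function names and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, unquote


def ssh_host(url):
    """Return the decoded host of an ssh:// URL, or None for other schemes."""
    parts = urlsplit(url.strip())
    if parts.scheme.lower() != "ssh":
        return None
    # Drop an optional "user@" prefix and ":port" suffix from the authority.
    hostport = parts.netloc.rpartition("@")[2]
    host = hostport.partition(":")[0]
    # Decode %XX last so an encoded dash ("%2D") cannot hide the leading "-".
    return unquote(host)


def is_suspicious(url):
    """True when the ssh host would be parsed by ssh as a command-line option."""
    host = ssh_host(url)
    return host is not None and host.startswith("-")


def audit(urls):
    """Return the URLs that should be rejected or reviewed before use."""
    return [u for u in urls if is_suspicious(u)]


# Constructed sample input: repository URLs as they might appear in a
# configuration file or a list of sub-repository sources.
SAMPLE_URLS = [
    "ssh://hg@example.org:2222/project",
    "https://example.org/project",
    "ssh://-oProxyCommand=placeholder/project",
    "ssh://user@%2DoProxyCommand=placeholder/project",
]

if __name__ == "__main__":
    for flagged in audit(SAMPLE_URLS):
        print("rejecting ssh URL with option-like hostname:", flagged)
```

The check complements the update rather than replacing it: it is useful for reviewing URLs on hosts where Git or Subversion clients may still be unpatched.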