openSUSE Security Update : mercurial (openSUSE-2017-941)
Critical Nessus Plugin ID 102560
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThis update for mercurial fixes the following issues :
Mercurial was updated to 4.2.3, a security fix update for
- CVE-2017-1000115: Incomplete symlink auditing allowed writing to files outside of the repository (boo#1053344)
- CVE-2017-1000116: Client-side code execution via argument injection in SSH URLs (boo#1052696)
SolutionUpdate the affected mercurial packages.