openSUSE Security Update : mercurial (openSUSE-2018-734)
High Nessus Plugin ID 111192
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThis update for mercurial fixes the following issues :
Security issues fixed :
- CVE-2018-13348: Fix the mpatch_decode function in mpatch.c that mishandles certain situations where there should be at least 12 bytes remaining after thecurrent position in the patch data (boo#1100353).
- CVE-2018-13347: Fix mpatch.c that mishandles integer addition and subtraction (boo#1100355).
- CVE-2018-13346: Fix the mpatch_apply function in mpatch.c that incorrectly proceeds in cases where the fragment start is past the end of the original data (boo#1100354).
SolutionUpdate the affected mercurial packages.