openSUSE Security Update : mercurial (openSUSE-2018-772)
High Nessus Plugin ID 111424
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThis update for mercurial fixes the following issues :
Security issues fixed :
- CVE-2018-13346: Fix mpatch_apply function in mpatch.c that incorrectly proceeds in cases where the fragment start is past the end of the original data (bsc#1100354).
- CVE-2018-13347: Fix mpatch.c that mishandles integer addition and subtraction (bsc#1100355).
- CVE-2018-13348: Fix the mpatch_decode function in mpatch.c that mishandles certain situations where there should be at least 12 bytes remaining after thecurrent position in the patch data (bsc#1100353).
This update was imported from the SUSE:SLE-15:Update update project.
SolutionUpdate the affected mercurial packages.