Date: Sun, 10 Dec 2017 17:33:30 +0100 From: Salvatore Bonaccorso <carnil@...ian.org> To: oss-security@...ts.openwall.com Cc: cve-assign@...re.org Subject: Re: CVE Request -- Arbitrary command execution in mercurial repo with a git submodule Hi On Thu, Dec 07, 2017 at 04:53:44PM +0800, feer james wrote: > Hello mitre, > > I'd like to request a cve id for this vulnerability. > > *Vulnerability Details:* > https://bz.mercurial-scm.org/show_bug.cgi?id=5730 > > *Offical fix release:* > https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.4.1_.282017-11-07.29 FTR, this issue was later on assigned CVE-2017-17458. @Terry, CVEs cannot be requested anymore via mailing oss-security, rather filling the request via https://cveform.mitre.org/ for future requests. Regards, Salvatore
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ