Homec4science

Fix Mercurial command injection vulnerability

Authored by epriestley <git@epriestley.com> on Mar 20 2015, 17:26.

Description

Fix Mercurial command injection vulnerability

Summary: See http://chargen.matasano.com/chargen/2015/3/17/this-new-vulnerability-mercurial-command-injection-cve-2014-9462.html.

Test Plan: Crafted bad remote URL; got error instead of code execution.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D12112

Details

Committed
epriestley <git@epriestley.com>Mar 20 2015, 17:26
Pushed
aubortJan 31 2017, 17:16
Parents
rPHb7fa55ff9396: Fix improper selection of the chunk engine as a writable engine
Branches
Unknown
Tags
Unknown

Event Timeline

epriestley <git@epriestley.com> committed rPH80b8dc521d14: Fix Mercurial command injection vulnerability (authored by epriestley <git@epriestley.com>).Mar 20 2015, 17:26