OESA-2026-2729

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-2729
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2026-2729.json
JSON Data
https://api.osv.dev/v1/vulns/OESA-2026-2729
Upstream
Published
2026-06-24T13:13:10Z
Modified
2026-06-24T13:30:11.977254861Z
Summary
mercurial security update
Details

Mercurial is a free, distributed source control management tool. It efficiently handles projects of any size and offers an easy and intuitive interface.

Security Fix(es):

A vulnerability was found in Mercurial SCM 4.5.3/71.19.145.211. It has been declared as problematic. This vulnerability affects unknown code of the component Web Interface. The manipulation of the argument cmd leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. (CVE-2025-2361)

Database specific
{
    "severity": "Medium"
}
References

Affected packages

openEuler:22.03-LTS-SP4 / mercurial

Package

Name
mercurial
Purl
pkg:rpm/openEuler/mercurial&distro=openEuler-22.03-LTS-SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.6.1-2.oe2203sp4

Ecosystem specific

{
    "noarch": [
        "mercurial-help-5.6.1-2.oe2203sp4.noarch.rpm"
    ],
    "x86_64": [
        "mercurial-5.6.1-2.oe2203sp4.x86_64.rpm",
        "mercurial-debuginfo-5.6.1-2.oe2203sp4.x86_64.rpm",
        "mercurial-debugsource-5.6.1-2.oe2203sp4.x86_64.rpm"
    ],
    "aarch64": [
        "mercurial-5.6.1-2.oe2203sp4.aarch64.rpm",
        "mercurial-debuginfo-5.6.1-2.oe2203sp4.aarch64.rpm",
        "mercurial-debugsource-5.6.1-2.oe2203sp4.aarch64.rpm"
    ],
    "src": [
        "mercurial-5.6.1-2.oe2203sp4.src.rpm"
    ]
}

Database specific

source
"https://repo.openeuler.org/security/data/osv/OESA-2026-2729.json"