Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "2.8.2-1ubuntu1.4", "binary_name": "mercurial" }, { "binary_version": "2.8.2-1ubuntu1.4", "binary_name": "mercurial-common" }, { "binary_version": "2.8.2-1ubuntu1.4", "binary_name": "mercurial-dbgsym" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "3.7.3-1ubuntu1.1", "binary_name": "mercurial" }, { "binary_version": "3.7.3-1ubuntu1.1", "binary_name": "mercurial-common" }, { "binary_version": "3.7.3-1ubuntu1.1", "binary_name": "mercurial-dbgsym" } ] }