[Bug 4539] New: Security Vulnerabilities identified in CheckMarx Scan
mercurial-bugs at selenic.com
Tue Feb 17 06:16:53 UTC 2015
http://bz.selenic.com/show_bug.cgi?id=4539
Priority: normal
Bug ID: 4539
CC: mercurial-devel at selenic.com
Assignee: bugzilla at selenic.com
Summary: Security Vulnerabilities identified in CheckMarx Scan
Severity: bug
Classification: Unclassified
OS: Windows
Reporter: philip.w.mcadams at intel.com
Hardware: PC
Status: UNCONFIRMED
Version: 2.8.2
Component: Mercurial
Product: Mercurial
Our internal IT security team scanned Mercurial source code in CheckMarx and
discovered the following vulnerabilities: Privacy Violation, Path Traversal,
Insecure Randomness, Client Cross Frame Scripting Attack, Command Injection.
The most vulnerable files identified were: test=hgweb-auth.py, comvcmd.py,
synthrepo.py, run-tests.py, lsprof.py. We are working with the IT team on next
steps and wanted to provide this general information in your bug tracker. I'm
able to provide you the actual report due to IP. If there are any specific
questions about the report, I will work to provide you the requested information.