Gentoo Linux Security Advisory 201612-19 - Multiple vulnerabilities have been found in Mercurial, the worst of which could lead to the remote execution of arbitrary code. Versions less than 3.8.4 are affected.
47c379d973e4969784c5bccded8e80c7573e79b6ec6f68d82c36130813ba786e
Red Hat Security Advisory 2016-0706-01 - Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects. Security Fix: It was discovered that Mercurial failed to properly check Git sub-repository URLs. A Mercurial repository that includes a Git sub-repository with a specially crafted URL could cause Mercurial to execute arbitrary code. It was discovered that the Mercurial convert extension failed to sanitize special characters in Git repository names. A Git repository with a specially crafted name could cause Mercurial to execute arbitrary code when the Git repository was converted to a Mercurial repository.
8d3ab188c8050ef61e4d414ae4a3622d517e9e409cfb8acea2df904721d13de6
Debian Linux Security Advisory 3542-1 - Several vulnerabilities have been discovered in Mercurial, a distributed version control system.
8a55233ac0ff62df88d422523f37a42a009f2e368698ed0a39f5c316eb14eec0
Slackware Security Advisory - New mercurial packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
d0919f77b9b9e732bca1f1e124be77e787a59e2770588c11f149a2c7ab403dc7