{"affected":[{"ecosystem_specific":{"binaries":[{"mercurial":"2.8.2-6.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 12","name":"mercurial","purl":"pkg:rpm/suse/mercurial&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.8.2-6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"mercurial":"2.8.2-6.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 12 SP1","name":"mercurial","purl":"pkg:rpm/suse/mercurial&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.8.2-6.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"mercurial was updated to fix three security issues.\n\nThese security issues were fixed:\n- CVE-2016-3069: Arbitrary code execution when converting Git repos (bsc#973176).\n- CVE-2016-3068: Arbitrary code execution with Git subrepos (bsc#973177).\n- CVE-2016-3630: Remote code execution in binary delta decoding (bsc#973175).\n  ","id":"SUSE-SU-2016:1010-1","modified":"2016-04-12T08:38:59Z","published":"2016-04-12T08:38:59Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2016/suse-su-20161010-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/973175"},{"type":"REPORT","url":"https://bugzilla.suse.com/973176"},{"type":"REPORT","url":"https://bugzilla.suse.com/973177"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-3068"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-3069"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-3630"}],"related":["CVE-2016-3068","CVE-2016-3069","CVE-2016-3630"],"summary":"Security update for mercurial","upstream":["CVE-2016-3068","CVE-2016-3069","CVE-2016-3630"]}