Fix Mercurial command injection vulnerability
80b8dc521d14
Actions

Description

Fix Mercurial command injection vulnerability

Summary: See http://chargen.matasano.com/chargen/2015/3/17/this-new-vulnerability-mercurial-command-injection-cve-2014-9462.html.

Test Plan: Crafted bad remote URL; got error instead of code execution.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D12112

Details

Provenance

epriestley	Authored on
epriestley	Pushed on Mar 20 2015, 4:26 PM

Reviewer

btrahan

Differential Revision

D12112: Fix Mercurial command injection vulnerability

Parents

rPb7fa55ff9396: Fix improper selection of the chunk engine as a writable engine

Branches

Unknown

Tags

Unknown

Event Timeline

epriestley committed rP80b8dc521d14: Fix Mercurial command injection vulnerability (authored by epriestley).Mar 20 2015, 4:26 PM

Changes (4)

Path

Size

src/

__phutil_library_map__.php

applications/

config/

check/

PhabricatorBinariesSetupCheck.php

repository/

constants/

PhabricatorRepositoryVersion.php

engine/

PhabricatorRepositoryPullEngine.php

rP80b8dc521d14

View Options

src/__phutil_library_map__.php

View Options

src/applications/config/check/PhabricatorBinariesSetupCheck.php

View Options

src/applications/repository/constants/PhabricatorRepositoryVersion.php

View Options

src/applications/repository/engine/PhabricatorRepositoryPullEngine.php

Fix Mercurial command injection vulnerability80b8dc521d14Actions

Description

Details

Event Timeline

Changes (4)

rP80b8dc521d14

src/__phutil_library_map__.php

src/applications/config/check/PhabricatorBinariesSetupCheck.php

src/applications/repository/constants/PhabricatorRepositoryVersion.php

src/applications/repository/engine/PhabricatorRepositoryPullEngine.php

Fix Mercurial command injection vulnerability
80b8dc521d14
Actions