An update that fixes three vulnerabilities is now available.
This update for mercurial fixes the following issues:
Security issues fixed:
- CVE-2018-13348: Fix the mpatch_decode function in mpatch.c that mishandles certain situations where there should be at least 12 bytes remaining after thecurrent position in the patch data (boo#1100353). - CVE-2018-13347: Fix mpatch.c that mishandles integer addition and subtraction (boo#1100355). - CVE-2018-13346: Fix the mpatch_apply function in mpatch.c that incorrectly proceeds in cases where the fragment start is past the end of the original data (boo#1100354).
To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: