mercurial -- multiple issues
mercurial developers reports:
Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository
Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks.
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright