Upstream information

CVE-2010-4237 at MITRE

Description

Mercurial before 1.6.4 fails to verify the Common Name field of SSL certificates which allows remote attackers who acquire a certificate signed by a Certificate Authority to perform a man-in-the-middle attack.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

SUSE Bugzilla entry: 645293 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE 11.3
  • mercurial-debuginfo >= 1.5-4.3.1
  • mercurial-debugsource >= 1.5-4.3.1
openSUSE 11.3
  • mercurial >= 1.5-4.3.1