CVE-2016-3068

Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository.

Date published : 2016-04-13

http://www.securityfocus.com/bid/85733

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html