2017-11-29

It is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked in to the repository in Mercurial 4.4 and earlier. Typical use of Mercurial prevents construction of such repositories, but they can be created programmatically.

mercurial-4.3.3.tgz

mercurial-x11-4.3.3.tgz