
772 matches found

CVE
added 2018/02/15 10:0 p.m. | 42 views

CVE-2016-8513

CVE-2016-8513 describes a CSRF vulnerability in HPE Version Control Repository Manager (VCRM) affecting all versions prior to 7.6. A remote attacker could exploit this by convincing a user to follow a crafted link or HTML page to perform unauthorized actions. The vulnerability’s impact is indicat...

CVSS 8 | AI score 7.8 | EPSS 0.00708
Exploits: 0 | References: 4 | Affected Software: 1

BDU FSTEC
added 2018/01/24 12:0 a.m. | 4 views

The vulnerability of the centralized version control system CVS lies in its improper handling of data when interacting with a remote repository via SSH protocol. This allows a malicious actor to execute arbitrary code.

The vulnerability of the centralized version control system CVS is related to improper data processing when interacting with a remote repository via SSH protocol. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted hostname in the repository’...

CVSS 7.5 | AI score 7.2 | EPSS 0.05968
Exploits: 1 | References: 8 | Affected Software: 2

Debian
added 2017/12/28 5:41 p.m. | 29 views

[SECURITY] [DLA 1224-1] mercurial security update

Package: mercurial. Version: 2.2.2-4+deb7u6. CVE ID: CVE-2017-17458. A vulnerability was found in the Mercurial version control system which could lead to remote arbitrary code execution. CVE-2017-17458: A specially malformed Mercurial repository could cause Git subrepositories to run arbitrary co...

CVSS 10 | AI score 7 | EPSS 0.06331
Exploits: 0

OpenVAS
added 2017/11/28 12:0 a.m. | 60 views

Debian: Security Advisory (DSA-4052-1)

The remote host is missing an update for the Debian...

CVSS 9.3 | AI score 8.7 | EPSS 0.05978
Exploits: 11 | References: 4

Fedora
added 2017/11/21 11:41 p.m. | 27 views

[SECURITY] Fedora 27 Update: git-2.14.3-2.fc27

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs a common set of tools which are usually used with a small number of dependencies. To install all git packages,...

CVSS 5.5 | AI score 2.4 | EPSS 0.01641
Exploits: 1

Ubuntu
added 2017/10/24 2:11 p.m. | 62 views

USN-3411-2: Bazaar vulnerability

USN-3411-1 fixed a vulnerability in Bazaar. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Adam Collard discovered that Bazaar did not properly handle host names in 'bzr+ssh://' URLs. A remote attacker could use this to construct a bazaar repository...

CVSS 9.3 | AI score 7 | EPSS 0.05978
Exploits: 11

Gentoo Linux
added 2017/09/24 12:0 a.m. | 86 views

CVS: Command injection

Background: CVS (Concurrent Versions System) is an open-source network-transparent version control system. It contains both a client utility and a server. Description: It was discovered that when CVS is configured to use SSH for remote repositories it allows remote attackers to execute arbitrary code...

CVSS 7.5 | AI score 8.4 | EPSS 0.05968
Exploits: 1

Packet Storm
added 2017/09/11 12:0 a.m. | 48 views

JGI CMS 1.0 Script Source Code Disclosure

Title: JGI CMS - Script Source Code Disclosure. Introduction: A content management system (CMS) is a computer application that supports the creation and modification of digital content. It is often used to support multiple users working in a collaborative environment. CMS...

AI score 7.4
Exploits: 0

Packet Storm
added 2017/09/08 12:0 a.m. | 58 views

CMS Showcase 1.0 Cross Site Scripting

Title: CMS Showcase - Multiple Reflected Cross-Site Scripting. Introduction: A content management system (CMS) is a computer application that supports the creation and modification of digital content. It is often used to support multiple users working in a collaborative...

AI score 7.4
Exploits: 0

Fedora
added 2017/08/29 8:25 p.m. | 35 views

[SECURITY] Fedora 25 Update: cvs-1.11.23-41.fc25

CVS (Concurrent Versions System) is a version control system that can record the history of your files (usually, but not always, source code). CVS only stores the differences between versions, instead of every version of every file you have ever created. CVS also keeps a log of who, when, and why...

CVSS 7.5 | AI score 1.1 | EPSS 0.05968
Exploits: 1

Fedora
added 2017/08/29 3:20 p.m. | 37 views

[SECURITY] Fedora 26 Update: cvs-1.11.23-42.fc26

CVS (Concurrent Versions System) is a version control system that can record the history of your files (usually, but not always, source code). CVS only stores the differences between versions, instead of every version of every file you have ever created. CVS also keeps a log of who, when, and why...

CVSS 7.5 | AI score 1.1 | EPSS 0.05968
Exploits: 1

CentOS
added 2017/08/24 9:44 a.m. | 119 views

mod_dav_svn, subversion security update

CentOS Errata and Security Advisory CESA-2017:2480. An update for subversion is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...

CVSS 9.8 | AI score 6.8 | EPSS 0.18892
Exploits: 3 | References: 7

Fedora
added 2017/08/22 12:50 p.m. | 30 views

[SECURITY] Fedora 25 Update: subversion-1.9.7-1.fc25

Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file...

CVSS 9.8 | AI score 2.5 | EPSS 0.18892
Exploits: 3

OSV
added 2017/08/21 2:19 p.m. | 3 views

USN-3399-1 cvs vulnerability

Hank Leininger discovered that cvs did not properly handle SSH for remote repositories. A remote attacker could use this to construct a cvs repository that when accessed could run arbitrary code with the privileges of the user...

CVSS 7.5 | AI score 6.8 | EPSS 0.05968
Exploits: 1 | References: 2

Mageia
added 2017/08/19 10:16 a.m. | 38 views

Updated cvs package fixes security vulnerability

It was discovered that CVS, a centralised version control system, did not correctly handle maliciously constructed repository URLs, which allowed an attacker to run an arbitrary shell command (CVE-2017-12836)...

CVSS 7.5 | AI score 4.7 | EPSS 0.05968
Exploits: 1 | References: 2

Fedora
added 2017/08/14 9:55 p.m. | 32 views

[SECURITY] Fedora 26 Update: subversion-1.9.7-1.fc26

Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file...

CVSS 9.8 | AI score 2.5 | EPSS 0.18892
Exploits: 3

Debian
added 2017/08/13 9:10 a.m. | 29 views

[SECURITY] [DSA 3940-1] cvs security update

Debian Security Advisory DSA-3940-1 | [email protected] | https://www.debian.org/security/ | Sebastien Delafond | August 13, 2017 | https://www.debian.org/security/faq ...

CVSS 7.5 | AI score 8.1 | EPSS 0.05968
Exploits: 1

OSV
added 2017/08/13 12:0 a.m. | 0 views

UBUNTU-CVE-2017-12836

CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand=id;localhost:/bar."...

CVSS 7.5 | AI score 7.2 | EPSS 0.05968
Exploits: 1 | References: 4

Filippo.io
added 2017/08/12 11:39 p.m. | 17 views

Cleaning up my GOPATH with Homebrew

tl;dr: use the script at the bottom to go get into the Homebrew "Cellar" and keep your GOPATH clean. I personally like GOPATH and import paths, but while trying to reduce my laptop to a thin reproducible client, I felt the pain of keeping track of the hundreds of repositories that end up in there...

AI score 7.4
Exploits: 0

myhack58
added 2017/08/11 12:0 a.m. | 86 views

Several mainstream version control systems found to have a client-side arbitrary code execution vulnerability - vulnerability warning - the black bar safety net

Programmers around the world, please note: you must update your version control system immediately. The open-source version control systems Git, SVN and Mercurial were recently updated to fix critical security vulnerabilities; if you delay the upgrade, you will be affected by the vulnerability. More mainstream...

AI score 2.4 | EPSS 0.77823
Exploits: 11