The vulnerability of the distributed Git version control system allows a hacker to execute arbitrary code.

The vulnerability of the distributed Git version control system arises from a numerical overflow condition. Exploiting this vulnerability allows an attacker, operating remotely, to execute arbitrary code using a long file name or multiple nested trees, which causes a buffer overflow in the dynami...

[SECURITY] Fedora 23 Update: subversion-1.9.4-1.fc23

Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file...

[SECURITY] Fedora 24 Update: subversion-1.9.4-1.fc24

Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file...

DLA-459-1 mercurial - security update

Bulletin has no description...

[SECURITY] [DSA 3570-1] mercurial security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3570-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 05, 2016 https://www.debian.org/security/faq -...

Debian Security Advisory DSA 3570-1 (mercurial - security update)

Blake Burkhart discovered an arbitrary code execution flaw in Mercurial, a distributed version control system, when using the convert extension on Git repositories with specially crafted names. This flaw in particular affects automated code conversion services that allow arbitrary repository name...

Apple Patches Two Flaws in Xcode's Git Implementation

Apple has updated its Xcode development environment, patching two vulnerabilities in its implementation of git. Git is a version control system, and in March its handlers patched two flaws that exposed the software to remote code execution. The new version of Xcode, 7.3.1, is available for El...

DSA-3561-1 subversion - security update

Bulletin has no description...

UBUNTU-CVE-2016-3069

Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository...

[SECURITY] [DSA 3542-1] mercurial security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3542-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 05, 2016 https://www.debian.org/security/faq -...

DSA-3542-1 mercurial - security update

Bulletin has no description...

Debian: Security Advisory (DSA-3542-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Meld - Visual Diff And Merge Tool Targeted At Developers

Meld is a visual diff and merge tool targeted at developers. Meld helps you compare files, directories, and version controlled projects. It provides two- and three-way comparison of both files and directories, and has support for many popular version control systems. Meld helps you review code...

iTop 2.2.1 - Cross-Site Request Forgery

Exploit for php platform in category web applications Product: iTop Vendor: Combodo Vulnerable Versions: 2.2.1 and probably prior Tested Version: 2.2.1 Advisory Publication: February 10, 2016 without technical details Vendor Notification: February 10, 2016 Vendor Patch: February 11, 2016 Public...

Uses insecure CSPRNG (openssl_random_pseudo_bytes())

It's not fork safe - In most versions of PHP, it lies about being secure - And today I learned that OpenSSL, by default i.e. unchangable from PHP land uses MD5 as a CSPRNG thanks @atoponce I'm stuck between several possible avenues: - Release a new version v1.3.0 or most likely v2.0.0 that...

[SECURITY] Fedora 22 Update: subversion-1.8.15-1.fc22

Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file...

[SECURITY] Fedora 22 Update: monotone-1.1-13.fc22

monotone is a free, distributed version control system. It provides fully disconnected operation, manages complete tree versions, keeps its state in a local transactional database, supports overlapping branches and extensible metadata, exchanges work over plain network protocols, performs...

[SECURITY] Fedora 23 Update: monotone-1.1-13.fc23

monotone is a free, distributed version control system. It provides fully disconnected operation, manages complete tree versions, keeps its state in a local transactional database, supports overlapping branches and extensible metadata, exchanges work over plain network protocols, performs...

Deleting a vDisk version does not delete the physical version file

Deleting a vDisk version does not delete the version's physical file...

Debian Security Advisory DSA 3435-1 (git - security update)

Blake Burkhart discovered that the Git git-remote-ext helper incorrectly handled recursive clones of git repositories. A remote attacker could possibly use this issue to execute arbitrary code by injecting commands via crafted URLs. OpenVAS Vulnerability Test $Id: deb3435.nasl 6608 2017-07-07...