10038 matches found
[Backports-security-announce] Security Update for git
Sebastian Harl uploaded new packages for git, a popular distributed revision control system, which fixed the following security problem: CVE-2010-2542, Debian BTS 590026: A buffer overrun was found in the way Git sanitized the path of a git directory. If a local attacker would create a specially-craft...
Mandriva Linux Security Advisory : git (MDVSA-2009:155)
A vulnerability has been found and corrected in git: git-daemon in git 1.4.4.5 through 1.6.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a request containing extra unrecognized arguments (CVE-2009-2108). This update provides fixes for this...
FreeBSD : git -- buffer overflow vulnerability (827bc2b7-95ed-11df-9160-00e0815b8da8)
Greg Brockman reports: If an attacker were to create a crafted working copy where the user runs any git command, the attacker could force execution of arbitrary code. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from t...
git -- buffer overflow vulnerability
Greg Brockman reports: If an attacker were to create a crafted working copy where the user runs any git command, the attacker could force execution of arbitrary code...
[SECURITY] Fedora 13 Update: gitolite-1.4.2-1.fc13
Gitolite allows a server to host many git repositories and provide access to many developers, without having to give them real userids on the server. The essential magic in doing this is ssh's pubkey access and the authorized keys file, and the inspiration was an older program called gitosis...
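Linux kernel 2.6.x l2cap_config_rsp() function remote denial of service vulnerability
BUGTRAQ ID: 38979. Linux Kernel is the kernel used by the open source operating system Linux. The l2cap_config_rsp function in the Linux Kernel's net/bluetooth/l2cap.c file has a denial of service vulnerability: a remote attacker can crash the kernel by sending a crafted packet whose configuration parameter size is larger than the req buffer. Affected: Linux kernel 2.6.x. Vendor patch: Linux. The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's homepage:...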
[SECURITY] Fedora 13 Update: ikiwiki-3.20100312-1.fc13
Ikiwiki is a wiki compiler. It converts wiki pages into HTML pages suitable for publishing on a website. Ikiwiki stores pages and history in a revision control system such as Subversion or Git. There are many other features, including support for blogging, as well as a large array of plugins...
[SECURITY] Fedora 12 Update: ikiwiki-3.20100312-1.fc12
Ikiwiki is a wiki compiler. It converts wiki pages into HTML pages suitable for publishing on a website. Ikiwiki stores pages and history in a revision control system such as Subversion or Git. There are many other features, including support for blogging, as well as a large array of plugins...
Debian DSA-1841-1 : git-core - denial of service
It was discovered that git-daemon which is part of git-core, a popular distributed revision control system, is vulnerable to denial of service attacks caused by a programming mistake in handling requests containing extra unrecognized arguments which results in an infinite loop. While this is no...
Debian DSA-1990-1 : trac-git - shell command injection
Stefan Goebel discovered that the Debian version of trac-git, the Git add-on for the Trac issue tracking system, contains a flaw which enables attackers to execute code on the web server running trac-git by sending crafted HTTP queries. (C) Tenable Network Security, Inc. The...
GIT gitweb git_snapshot / git_object Shell Metacharacter Arbitrary Command Execution
The version of gitweb, a web-enabled interface to the open source distributed version control system Git, hosted on the remote web server fails to sanitize user-supplied input to the 'gitweb.cgi' script of shell metacharacters before passing it to a shell. An unauthenticated, remote attacker can...
gitWeb 1.5.2 - Remote Command Execution
gitWeb 1.5.2 - Remote Command Execution Exploit Title: gitWeb remote command execution Date: 2009.06.19 Author: S2 Crew Hungary Software Link: - Version: GIT 1.5.2 Tested on: debian linux, GIT 1.5.2 CVE: CVE-2008-5516 - CVE-2008-5517 Code: The cgi script doesn't show the command output blind...
Command injection
PyGIT.py in the Trac Git plugin trac-git before 0.0.20080710-3+lenny1 and before 0.0.20090320-1 on Debian GNU/Linux, when enabled in Trac, allows remote attackers to execute arbitrary commands via shell metacharacters in a crafted HTTP query that is used to generate a certain git command...
CVE-2010-0394
PyGIT.py in the Trac Git plugin trac-git before 0.0.20080710-3+lenny1 and before 0.0.20090320-1 on Debian GNU/Linux, when enabled in Trac, allows remote attackers to execute arbitrary commands via shell metacharacters in a crafted HTTP query that is used to generate a certain git command...
CVE-2010-0394
The CVE concerns trac-git (Trac Git plugin) where PyGIT.py allows remote code execution by passing shell metacharacters in a crafted HTTP query to generate a git command. Affected: Debian/Ubuntu packaging of trac-git prior to 0.0.20080710-3+lenny1 (and prior to 0.0.20090320-1 in newer releases); ...
Debian Security Advisory DSA 1841-2 (git-core)
The remote host is missing an update to git-core announced via advisory DSA 1841-2. OpenVAS Vulnerability Test $Id: deb18412.nasl 6614 2017-07-07 12:09:12Z cfischer $ Description: Auto-generated from advisory DSA 1841-2 (git-core). Authors: Thomas Reinke. Copyright: Copyright (c) 2010 E-Soft Inc...
Debian: Security Advisory (DSA-1841)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2010 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...