[SECURITY] Fedora 28 Update: gitolite3-3.6.9-1.fc28
Gitolite allows a server to host many git repositories and provide access to many developers, without having to give them real userids on the server. The essential magic in doing this is ssh's pubkey access and the authorized keys file, and the inspiration was an older program called gitosis...
[SECURITY] Fedora 29 Update: gitolite3-3.6.9-1.fc29
Gitolite allows a server to host many git repositories and provide access to many developers, without having to give them real userids on the server. The essential magic in doing this is ssh's pubkey access and the authorized keys file, and the inspiration was an older program called gitosis...
CVE-2018-16976
Gitolite before 3.6.9 does not in certain configurations involving @all or a regex properly restrict access to a Git repository that is in the process of being migrated until the full set of migration steps has been completed. This can allow valid users to obtain unintended access...
CVE-2018-16976
CVE-2018-16976 affects gitolite prior to 3.6.9. Multiple advisories describe a race condition of repos that are “in the process of being migrated”; under certain configurations (involving @all or a regex) this can allow valid users to obtain unintended access before migration completes. Connected...
PEDA - Python Exploit Development Assistance For GDB
PEDA - Python Exploit Development Assistance for GDB. Key Features: Enhance the display of gdb: colorize and display disassembly codes, registers, memory information during debugging. Add commands to support debugging and exploit development (for a full list of commands use peda help): aslr --...
Open .Git Directories Leave 390K Websites Vulnerable
A scan of more than 230 million web domains worldwide has uncovered 390,000 web pages with open .git directories – a worrying state of affairs that can expose a range of sensitive information. Researcher Vladimír Smitka at Lynt Services performed the scan, starting first in his native Czech...
[SECURITY] [DLA 1495-1] git-annex security update
Package : git-annex Version : 5.20141125+oops-1+deb8u2 CVE ID : CVE-2017-12976 CVE-2018-10857 CVE-2018-10859 Debian Bug : 873088 The git-annex package was found to have multiple vulnerabilities when operating on untrusted data that could lead to arbitrary command execution and encrypted data...
DLA-1495-1 git-annex - security update
Bulletin has no description...
Debian: Security Advisory (DLA-1495-1)
The remote host is missing an update for the Debian...
Darling - Darwin/macOS Emulation Layer For Linux
Darling is a runtime environment for OS X applications. Please note that no GUI applications are supported at the moment. Download: Darling uses many Git submodules, so a plain clone will not do: git clone --recurse-submodules https://github.com/darlinghq/darling.git Updating sources: git pull git...
New Threat Actor ‘Rocke’: A Rising Monero Cryptomining Menace
Researchers are warning of a Chinese-language threat actor leveraging a wide array of Git repositories to infect vulnerable systems with Monero-based cryptomining malware. Researchers at Cisco Talos, who discovered the threat actor they call “Rocke”, said they have been tracking the adversary sin...
Rocke: The Champion of Monero Miners
This post was authored by David Liebenberg. Summary Cryptocurrency miners are becoming an increasingly significant part of the threat landscape. These malicious miners steal CPU cycles from compromised devices to mine cryptocurrencies and bring in income for the threat actor. In this post, we loo...
Remote Code Execution in Sourcetree for Windows, via Mercurial repo with Git subrepo - CVE-2018-13397
There was an argument injection vulnerability in Sourcetree for Windows from version 0.5.1.0 before version 3.0.0 via Git subrepositories in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to ga...
Updated cgit packages fix security vulnerability
Jann Horn discovered a directory traversal vulnerability in cgit, a fast web frontend for git repositories written in C. A remote attacker can take advantage of this flaw to retrieve arbitrary files via a specially crafted request, when 'enable-http-clone=1' (default) is not turned off...
conventional-changelog-semf-config (=1.0.4) potentially affected by CVE-2018-3785 via git-dummy-commit (=1.3.0)
git-dummy-commit NPM version =1.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on git-dummy-commit and may be impacted: - conventional-changelog-semf-config =1.0.4 Source cves: CVE-2018-3785 Source advisory: OSV:GHSA-H3C2-X77C-7PVR...
GHSA-H3C2-X77C-7PVR Command Injection in git-dummy-commit
A command injection in git-dummy-commit v1.3.0 allows OS-level commands to be executed due to an unescaped parameter...
Command Injection in git-dummy-commit
A command injection in git-dummy-commit v1.3.0 allows OS-level commands to be executed due to an unescaped parameter...
git-dummy-commit command injection vulnerability
git-dummy-commit is a code commit package. A command injection vulnerability exists in git-dummy-commit version 1.3.0, which stems from the program failing to encode the 'msg' parameter. An attacker can exploit this vulnerability to execute operating system commands...
[SECURITY] Fedora 27 Update: libgit2-0.26.6-1.fc27
libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings...