CLSA-2025-1754346021 git: Fix of CVE-2025-27613

CVE-2025-27613: fix vulnerability where Gitk can write and truncate arbitrary writable files...

Important: git

Issue Overview: When a user clones an untrusted repository and runs Gitk without additional command arguments, any writable file can be created and truncated. The option "Support per-file encoding" must have been enabled. The operation "Show origin of this line" is affected as well, regardless of...

git security update

An update is available for git. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Git is a distributed revision control system with a decentralized architecture. A...

gitk: git script execution flaw

There's a vulnerability in gitk where an user can be tricked to run malicious scripts supplied by the attacker when running gitk filename command. When successfully exploited this vulnerability may result in arbitrary code execution...

gitk: Git file creation flaw

A vulnerability has been identified in the gitk application that could lead to unauthorized file modification or data loss. This flaw manifests in two primary scenarios: - Untrusted Repository Cloning: When a user is tricked into cloning an untrusted Git repository and then uses gitk to visualize...

gitk: git script execution flaw

There's a vulnerability in gitk where an user can be tricked to run malicious scripts supplied by the attacker when running gitk filename command. When successfully exploited this vulnerability may result in arbitrary code execution...

gitk: Git file creation flaw

A vulnerability has been identified in the gitk application that could lead to unauthorized file modification or data loss. This flaw manifests in two primary scenarios: - Untrusted Repository Cloning: When a user is tricked into cloning an untrusted Git repository and then uses gitk to visualize...

gitk: git script execution flaw

There's a vulnerability in gitk where an user can be tricked to run malicious scripts supplied by the attacker when running gitk filename command. When successfully exploited this vulnerability may result in arbitrary code execution...

Important: git security update

Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to wo...

Security Updates for Microsoft Visual Studio Products (July 2025)

The Microsoft Visual Studio Products are missing security updates. It is, therefore, affected by multiple vulnerabilities. - Vulnerability in Gitk where when a user clones an untrusted repository and runs Gitk without additional command arguments, any writable file can be created and truncated. T...

USN-7626-3 git regression

USN-7626-1 fixed vulnerabilities in Git. The updates for CVE-2025-27613 and CVE-2025-46835 caused Gitk and Git GUI to not work properly on Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS, and were disabled in USN-7626-2. The problematic updates for the aforementioned CV...

USN-7626-3: Git regression

USN-7626-1 fixed vulnerabilities in Git. The updates for CVE-2025-27613 and CVE-2025-46835 caused Gitk and Git GUI to not work properly on Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS, and were disabled in USN-7626-2. The problematic updates for the aforementioned CV...

AZL-65079 CVE-2025-27614 affecting package git for versions less than 2.45.4-1

Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git repository can be crafted in such a way that with some social engineering a user who has cloned the repository can be tricked into running any script e.g., Bourne shell, Perl, Python, ... supplied by the attacker by invoking...

DEBIAN-CVE-2025-27614

Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git repository can be crafted in such a way that with some social engineering a user who has cloned the repository can be tricked into running any script e.g., Bourne shell, Perl, Python, ... supplied by the attacker by invoking...

ALPINE-CVE-2025-27613

Gitk is a Tcl/Tk based Git history browser. Starting with 1.7.0, when a user clones an untrusted repository and runs gitk without additional command arguments, files for which the user has write permission can be created and truncated. The option Support per-file encoding must have been enabled...

ALPINE-CVE-2025-27614

Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git repository can be crafted in such a way that with some social engineering a user who has cloned the repository can be tricked into running any script e.g., Bourne shell, Perl, Python, ... supplied by the attacker by invoking...

AZL-65076 CVE-2025-27613 affecting package git for versions less than 2.45.4-1

Gitk is a Tcl/Tk based Git history browser. Starting with 1.7.0, when a user clones an untrusted repository and runs gitk without additional command arguments, files for which the user has write permission can be created and truncated. The option Support per-file encoding must have been enabled...

CVE-2025-27613

Gitk is a Tcl/Tk based Git history browser. Starting with 1.7.0, when a user clones an untrusted repository and runs gitk without additional command arguments, files for which the user has write permission can be created and truncated. The option Support per-file encoding must have been enabled...

AZL-65073 CVE-2025-27613 affecting package git for versions less than 2.40.4-2

Gitk is a Tcl/Tk based Git history browser. Starting with 1.7.0, when a user clones an untrusted repository and runs gitk without additional command arguments, files for which the user has write permission can be created and truncated. The option Support per-file encoding must have been enabled...

CVE-2025-27614

Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git repository can be crafted in such a way that with some social engineering a user who has cloned the repository can be tricked into running any script e.g., Bourne shell, Perl, Python, ... supplied by the attacker by invoking...