[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96174

 
 

909

 
 

78077

 
 

109

Paid content will be excluded from the download.


Download | Alert*
OVAL

DSA-3984-1 git -- git

ID: oval:org.secpod.oval:def:603120Date: (C)2017-10-05   (M)2017-10-05
Class: PATCHFamily: unix




joernchen discovered that the git-cvsserver subcommand of Git, a distributed version control system, suffers from a shell command injection vulnerability due to unsafe use of the Perl backtick operator. The git-cvsserver subcommand is reachable from the git-shell subcommand even if CVS support has not been configured . In addition to fixing the actual bug, this update removes the cvsserver subcommand from git-shell by default. Refer to the updated documentation for instructions how to reenable in case this CVS functionality is still needed.

Platform:
Debian 8.x
Debian 9.x
Product:
git
Reference:
DSA-3984-1
CPE    3
cpe:/a:git:git
cpe:/o:debian:debian_linux:8.x
cpe:/o:debian:debian_linux:9.x

© 2013 SecPod Technologies