DSA-1708-1 git-core -- shell command injectionID: oval:org.secpod.oval:def:600379 | Date: (C)2011-05-13 (M)2023-02-20 |
Class: PATCH | Family: unix |
It was discovered that gitweb, the web interface for the Git version control system, contained several vulnerabilities: Remote attackers could use crafted requests to execute shell commands on the web server, using the snapshot generation and pickaxe search functionality . Local users with write access to the configuration of a Git repository served by gitweb could cause gitweb to execute arbitrary shell commands with the permission of the web server . For the stable distribution , these problems have been fixed in version 1.4.4.4-4+etch1. For the unstable distribution and testing distribution , the remote shell command injection issuei has been fixed in version 1.5.6-1. The other issue will be fixed soon. We recommend that you upgrade your Git packages.