CLSA-2023-1677095961

See a problem?
Import Source
https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2023-1677095961.json
JSON Data
https://api.test.osv.dev/v1/vulns/CLSA-2023-1677095961
Upstream
Published
2023-02-22T19:59:21Z
Modified
2026-05-27T11:34:57.133931471Z
Summary
git: Fix of 6 CVEs
Details
  • CVE-2022-41903: fix out-of-bounds write caused by integer overflow
  • CVE-2021-40330: forbid newlines in host and path
  • CVE-2022-39260: reject too long command line strings
  • CVE-2021-23521: implement size checks for .gitattributes
  • CVE-2023-22490: prevent arbitrary path exfiltration when using non-local transports
  • CVE-2023-23946: prevent git-apply from writing behind newly created symbolic links
References

Affected packages

TuxCare:CentOS:8.5
git

Package

Name
git
Purl
pkg:rpm/tuxcare/git?distro=centos-8.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.27.0-1.el8.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2023-1677095961.json"
git-all

Package

Name
git-all
Purl
pkg:rpm/tuxcare/git-all?distro=centos-8.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.27.0-1.el8.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2023-1677095961.json"
git-core

Package

Name
git-core
Purl
pkg:rpm/tuxcare/git-core?distro=centos-8.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.27.0-1.el8.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2023-1677095961.json"
git-core-doc

Package

Name
git-core-doc
Purl
pkg:rpm/tuxcare/git-core-doc?distro=centos-8.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.27.0-1.el8.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2023-1677095961.json"
git-credential-libsecret

Package

Name
git-credential-libsecret
Purl
pkg:rpm/tuxcare/git-credential-libsecret?distro=centos-8.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.27.0-1.el8.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2023-1677095961.json"
git-daemon

Package

Name
git-daemon
Purl
pkg:rpm/tuxcare/git-daemon?distro=centos-8.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.27.0-1.el8.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2023-1677095961.json"
git-email

Package

Name
git-email
Purl
pkg:rpm/tuxcare/git-email?distro=centos-8.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.27.0-1.el8.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2023-1677095961.json"
git-gui

Package

Name
git-gui
Purl
pkg:rpm/tuxcare/git-gui?distro=centos-8.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.27.0-1.el8.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2023-1677095961.json"
git-instaweb

Package

Name
git-instaweb
Purl
pkg:rpm/tuxcare/git-instaweb?distro=centos-8.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.27.0-1.el8.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2023-1677095961.json"
git-subtree

Package

Name
git-subtree
Purl
pkg:rpm/tuxcare/git-subtree?distro=centos-8.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.27.0-1.el8.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2023-1677095961.json"
git-svn

Package

Name
git-svn
Purl
pkg:rpm/tuxcare/git-svn?distro=centos-8.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.27.0-1.el8.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2023-1677095961.json"
gitk

Package

Name
gitk
Purl
pkg:rpm/tuxcare/gitk?distro=centos-8.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.27.0-1.el8.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2023-1677095961.json"
gitweb

Package

Name
gitweb
Purl
pkg:rpm/tuxcare/gitweb?distro=centos-8.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.27.0-1.el8.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2023-1677095961.json"
perl-Git

Package

Name
perl-Git
Purl
pkg:rpm/tuxcare/perl-Git?distro=centos-8.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.27.0-1.el8.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2023-1677095961.json"
perl-Git-SVN

Package

Name
perl-Git-SVN
Purl
pkg:rpm/tuxcare/perl-Git-SVN?distro=centos-8.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.27.0-1.el8.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2023-1677095961.json"