MGASA-2015-0157

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2015-0157.html

Import Source

https://advisories.mageia.org/MGASA-2015-0157.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2015-0157

Related

Published

2015-04-15T17:22:53Z

Modified

2015-04-15T17:13:31Z

Summary

Updated python-dulwich packages fix security vulnerabilities

Details

Updated python-dulwich package fixes security vulnerabilities:

It was discovered that Dulwich allows writing to files under .git/ when checking out working trees. This could lead to the execution of arbitrary code with the privileges of the user running an application based on Dulwich (CVE-2014-9706).

Ivan Fratric of the Google Security Team has found a buffer overflow in the C implementation of the apply_delta() function, used when accessing Git objects in pack files. An attacker could take advantage of this flaw to cause the execution of arbitrary code with the privileges of the user running a Git server or client based on Dulwich (CVE-2015-0838).

The python-dulwich package has been updated to version 0.10.0, fixing these issues and other bugs.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:4 / python-dulwich

Package

Name: python-dulwich
Purl: pkg:rpm/mageia/python-dulwich?distro=mageia-4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.10.0-1.mga4

Ecosystem specific

{
    "section": "core"
}