MGASA-2017-0266
- Source
- https://advisories.mageia.org/MGASA-2017-0266.html
- Import Source
- https://advisories.mageia.org/MGASA-2017-0266.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MGASA-2017-0266
- Related
- Published
- 2017-08-13T22:19:29Z
- Modified
- 2017-08-13T21:22:01Z
- Summary
- Updated git packages fix security vulnerability
- Details
-
Joern Schneeweisz discovered that git, a distributed revision control system, did not correctly handle maliciously constructed ssh:// URLs. This allowed an attacker to run an arbitrary shell command, for instance via git submodules (CVE-2017-1000117).
- References
-
- https://advisories.mageia.org/MGASA-2017-0266.html
- https://bugs.mageia.org/show_bug.cgi?id=21503
- https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.7.5.txt
- https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.7.6.txt
- https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.13.4.txt
- https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.13.5.txt
- https://www.debian.org/security/2017/dsa-3934
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:6 / git
Package
- Name
- git
- Purl
- pkg:rpm/mageia/git?distro=mageia-6
Mageia:5 / git
Package
- Name
- git
- Purl
- pkg:rpm/mageia/git?distro=mageia-5