OESA-2025-1849

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1849
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2025-1849.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2025-1849
Upstream
Published
2025-07-18T14:49:17Z
Modified
2025-08-12T05:49:50.304277Z
Summary
git security update
Details

Security Fix(es):

A vulnerability was found in Microsoft Visual Studio (Programming Tool Software) (affected version not known). It has been classified as problematic. It has an impact on confidentiality, integrity, and availability. Applying a patch eliminates this problem. A possible mitigation was published immediately after the disclosure of the vulnerability. (CVE-2025-27613)

A vulnerability, which was classified as problematic, has been found in Microsoft Visual Studio (Programming Tool Software) (version unknown). Confidentiality, integrity, and availability are impacted. Applying a patch eliminates this problem. A possible mitigation was published immediately after the disclosure of the vulnerability. (CVE-2025-46334)

A vulnerability was found in j6t git-gui up to 2.50.0 (Versioning Software). It has been rated as critical. Using CWE to declare the problem leads to CWE-88. The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string. Confidentiality, integrity, and availability are impacted. The vulnerability scanner Nessus provides a plugin with the ID 241644 (FreeBSD : git -- multiple vulnerabilities (2a4472ed-5c0d-11f0-b991-291fce777db8)), which helps to determine the existence of the flaw in a target environment. Upgrading to version 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1 or 2.50.1 eliminates this vulnerability. The vulnerability is also documented in the vulnerability database at Tenable (241644). (CVE-2025-46835)

Database specific
{
    "severity": "High"
}
References

Affected packages

openEuler:22.03-LTS-SP3 / git

Package

Name
git
Purl
pkg:rpm/openEuler/git&distro=openEuler-22.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.33.0-19.oe2203sp3

Ecosystem specific

{
    "aarch64": [
        "git-2.33.0-19.oe2203sp3.aarch64.rpm",
        "git-core-2.33.0-19.oe2203sp3.aarch64.rpm",
        "git-daemon-2.33.0-19.oe2203sp3.aarch64.rpm",
        "git-debuginfo-2.33.0-19.oe2203sp3.aarch64.rpm",
        "git-debugsource-2.33.0-19.oe2203sp3.aarch64.rpm"
    ],
    "x86_64": [
        "git-2.33.0-19.oe2203sp3.x86_64.rpm",
        "git-core-2.33.0-19.oe2203sp3.x86_64.rpm",
        "git-daemon-2.33.0-19.oe2203sp3.x86_64.rpm",
        "git-debuginfo-2.33.0-19.oe2203sp3.x86_64.rpm",
        "git-debugsource-2.33.0-19.oe2203sp3.x86_64.rpm"
    ],
    "src": [
        "git-2.33.0-19.oe2203sp3.src.rpm"
    ],
    "noarch": [
        "git-email-2.33.0-19.oe2203sp3.noarch.rpm",
        "git-gui-2.33.0-19.oe2203sp3.noarch.rpm",
        "git-help-2.33.0-19.oe2203sp3.noarch.rpm",
        "git-svn-2.33.0-19.oe2203sp3.noarch.rpm",
        "git-web-2.33.0-19.oe2203sp3.noarch.rpm",
        "gitk-2.33.0-19.oe2203sp3.noarch.rpm",
        "perl-Git-2.33.0-19.oe2203sp3.noarch.rpm",
        "perl-Git-SVN-2.33.0-19.oe2203sp3.noarch.rpm"
    ]
}