UBUNTU-CVE-2025-27613
- Source
- https://ubuntu.com/security/CVE-2025-27613
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-27613.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2025-27613
- Upstream
- Downstream
- Related
- Published
- 2025-07-08T17:00:00Z
- Modified
- 2025-09-08T17:08:12Z
- Severity
-
- 3.6 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
Gitk is a Tcl/Tk based Git history browser. Starting with 1.7.0, when a user clones an untrusted repository and runs gitk without additional command arguments, files for which the user has write permission can be created and truncated. The option Support per-file encoding must have been enabled before in Gitk's Preferences. This option is disabled by default. The same happens when Show origin of this line is used in the main window (regardless of whether Support per-file encoding is enabled or not). This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.1.
- References
Affected packages
Ubuntu:22.04:LTS
git
Package
- Name
- git
- Purl
- pkg:deb/ubuntu/git@1:2.34.1-1ubuntu1.15?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1:2.34.1-1ubuntu1.15
Affected versions
1:2.*
1:2.32.0-1ubuntu1
1:2.33.1-1ubuntu1
1:2.34.1-1ubuntu1
1:2.34.1-1ubuntu1.1
1:2.34.1-1ubuntu1.2
1:2.34.1-1ubuntu1.4
1:2.34.1-1ubuntu1.5
1:2.34.1-1ubuntu1.6
1:2.34.1-1ubuntu1.8
1:2.34.1-1ubuntu1.9
1:2.34.1-1ubuntu1.10
1:2.34.1-1ubuntu1.11
1:2.34.1-1ubuntu1.12
1:2.34.1-1ubuntu1.13
1:2.34.1-1ubuntu1.14
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "git",
"binary_version": "1:2.34.1-1ubuntu1.15"
},
{
"binary_name": "git-all",
"binary_version": "1:2.34.1-1ubuntu1.15"
},
{
"binary_name": "git-cvs",
"binary_version": "1:2.34.1-1ubuntu1.15"
},
{
"binary_name": "git-daemon-run",
"binary_version": "1:2.34.1-1ubuntu1.15"
},
{
"binary_name": "git-daemon-sysvinit",
"binary_version": "1:2.34.1-1ubuntu1.15"
},
{
"binary_name": "git-email",
"binary_version": "1:2.34.1-1ubuntu1.15"
},
{
"binary_name": "git-gui",
"binary_version": "1:2.34.1-1ubuntu1.15"
},
{
"binary_name": "git-man",
"binary_version": "1:2.34.1-1ubuntu1.15"
},
{
"binary_name": "git-mediawiki",
"binary_version": "1:2.34.1-1ubuntu1.15"
},
{
"binary_name": "git-svn",
"binary_version": "1:2.34.1-1ubuntu1.15"
},
{
"binary_name": "gitk",
"binary_version": "1:2.34.1-1ubuntu1.15"
},
{
"binary_name": "gitweb",
"binary_version": "1:2.34.1-1ubuntu1.15"
}
]
}Ubuntu:24.04:LTS
git
Package
- Name
- git
- Purl
- pkg:deb/ubuntu/git@1:2.43.0-1ubuntu7.3?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1:2.43.0-1ubuntu7.3
Affected versions
1:2.*
1:2.40.1-1ubuntu1
1:2.43.0-1ubuntu1
1:2.43.0-1ubuntu5
1:2.43.0-1ubuntu6
1:2.43.0-1ubuntu7
1:2.43.0-1ubuntu7.1
1:2.43.0-1ubuntu7.2
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "git",
"binary_version": "1:2.43.0-1ubuntu7.3"
},
{
"binary_name": "git-all",
"binary_version": "1:2.43.0-1ubuntu7.3"
},
{
"binary_name": "git-cvs",
"binary_version": "1:2.43.0-1ubuntu7.3"
},
{
"binary_name": "git-daemon-run",
"binary_version": "1:2.43.0-1ubuntu7.3"
},
{
"binary_name": "git-daemon-sysvinit",
"binary_version": "1:2.43.0-1ubuntu7.3"
},
{
"binary_name": "git-email",
"binary_version": "1:2.43.0-1ubuntu7.3"
},
{
"binary_name": "git-gui",
"binary_version": "1:2.43.0-1ubuntu7.3"
},
{
"binary_name": "git-man",
"binary_version": "1:2.43.0-1ubuntu7.3"
},
{
"binary_name": "git-mediawiki",
"binary_version": "1:2.43.0-1ubuntu7.3"
},
{
"binary_name": "git-svn",
"binary_version": "1:2.43.0-1ubuntu7.3"
},
{
"binary_name": "gitk",
"binary_version": "1:2.43.0-1ubuntu7.3"
},
{
"binary_name": "gitweb",
"binary_version": "1:2.43.0-1ubuntu7.3"
}
]
}Ubuntu:25.04
git
Package
- Name
- git
- Purl
- pkg:deb/ubuntu/git@1:2.48.1-0ubuntu1.1?arch=source&distro=plucky
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1:2.48.1-0ubuntu1.1
Affected versions
1:2.*
1:2.45.2-1ubuntu1
1:2.45.2-1.2ubuntu1
1:2.47.1-0ubuntu1
1:2.47.1-1ubuntu1
1:2.48.1-0ubuntu1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "git",
"binary_version": "1:2.48.1-0ubuntu1.1"
},
{
"binary_name": "git-all",
"binary_version": "1:2.48.1-0ubuntu1.1"
},
{
"binary_name": "git-cvs",
"binary_version": "1:2.48.1-0ubuntu1.1"
},
{
"binary_name": "git-email",
"binary_version": "1:2.48.1-0ubuntu1.1"
},
{
"binary_name": "git-gui",
"binary_version": "1:2.48.1-0ubuntu1.1"
},
{
"binary_name": "git-man",
"binary_version": "1:2.48.1-0ubuntu1.1"
},
{
"binary_name": "git-mediawiki",
"binary_version": "1:2.48.1-0ubuntu1.1"
},
{
"binary_name": "git-svn",
"binary_version": "1:2.48.1-0ubuntu1.1"
},
{
"binary_name": "gitk",
"binary_version": "1:2.48.1-0ubuntu1.1"
},
{
"binary_name": "gitweb",
"binary_version": "1:2.48.1-0ubuntu1.1"
}
]
}Ubuntu:Pro:16.04:LTS
git
Package
- Name
- git
- Purl
- pkg:deb/ubuntu/git@1:2.7.4-0ubuntu1.10+esm11?arch=source&distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1:2.7.4-0ubuntu1.10+esm11
Affected versions
1:2.*
1:2.5.0-1
1:2.6.2-1
1:2.6.3-1
1:2.6.4-1
1:2.7.0~rc3-1
1:2.7.0-1
1:2.7.3-0ubuntu1
1:2.7.4-0ubuntu1
1:2.7.4-0ubuntu1.1
1:2.7.4-0ubuntu1.2
1:2.7.4-0ubuntu1.3
1:2.7.4-0ubuntu1.4
1:2.7.4-0ubuntu1.5
1:2.7.4-0ubuntu1.6
1:2.7.4-0ubuntu1.7
1:2.7.4-0ubuntu1.8
1:2.7.4-0ubuntu1.9
1:2.7.4-0ubuntu1.10
1:2.7.4-0ubuntu1.10+esm1
1:2.7.4-0ubuntu1.10+esm3
1:2.7.4-0ubuntu1.10+esm4
1:2.7.4-0ubuntu1.10+esm5
1:2.7.4-0ubuntu1.10+esm6
1:2.7.4-0ubuntu1.10+esm7
1:2.7.4-0ubuntu1.10+esm8
1:2.7.4-0ubuntu1.10+esm9
1:2.7.4-0ubuntu1.10+esm10
Ecosystem specific
{
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "git",
"binary_version": "1:2.7.4-0ubuntu1.10+esm11"
},
{
"binary_name": "git-all",
"binary_version": "1:2.7.4-0ubuntu1.10+esm11"
},
{
"binary_name": "git-arch",
"binary_version": "1:2.7.4-0ubuntu1.10+esm11"
},
{
"binary_name": "git-core",
"binary_version": "1:2.7.4-0ubuntu1.10+esm11"
},
{
"binary_name": "git-cvs",
"binary_version": "1:2.7.4-0ubuntu1.10+esm11"
},
{
"binary_name": "git-daemon-run",
"binary_version": "1:2.7.4-0ubuntu1.10+esm11"
},
{
"binary_name": "git-daemon-sysvinit",
"binary_version": "1:2.7.4-0ubuntu1.10+esm11"
},
{
"binary_name": "git-el",
"binary_version": "1:2.7.4-0ubuntu1.10+esm11"
},
{
"binary_name": "git-email",
"binary_version": "1:2.7.4-0ubuntu1.10+esm11"
},
{
"binary_name": "git-gui",
"binary_version": "1:2.7.4-0ubuntu1.10+esm11"
},
{
"binary_name": "git-man",
"binary_version": "1:2.7.4-0ubuntu1.10+esm11"
},
{
"binary_name": "git-mediawiki",
"binary_version": "1:2.7.4-0ubuntu1.10+esm11"
},
{
"binary_name": "git-svn",
"binary_version": "1:2.7.4-0ubuntu1.10+esm11"
},
{
"binary_name": "gitk",
"binary_version": "1:2.7.4-0ubuntu1.10+esm11"
},
{
"binary_name": "gitweb",
"binary_version": "1:2.7.4-0ubuntu1.10+esm11"
}
]
}Ubuntu:Pro:18.04:LTS
git
Package
- Name
- git
- Purl
- pkg:deb/ubuntu/git@1:2.17.1-1ubuntu0.18+esm4?arch=source&distro=esm-infra/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1:2.17.1-1ubuntu0.18+esm4
Affected versions
1:2.*
1:2.14.1-1ubuntu4
1:2.15.1-1ubuntu2
1:2.17.0-1ubuntu1
1:2.17.1-1ubuntu0.1
1:2.17.1-1ubuntu0.3
1:2.17.1-1ubuntu0.4
1:2.17.1-1ubuntu0.5
1:2.17.1-1ubuntu0.6
1:2.17.1-1ubuntu0.7
1:2.17.1-1ubuntu0.8
1:2.17.1-1ubuntu0.9
1:2.17.1-1ubuntu0.10
1:2.17.1-1ubuntu0.11
1:2.17.1-1ubuntu0.12
1:2.17.1-1ubuntu0.13
1:2.17.1-1ubuntu0.14
1:2.17.1-1ubuntu0.15
1:2.17.1-1ubuntu0.16
1:2.17.1-1ubuntu0.17
1:2.17.1-1ubuntu0.18
1:2.17.1-1ubuntu0.18+esm1
1:2.17.1-1ubuntu0.18+esm2
1:2.17.1-1ubuntu0.18+esm3
Ecosystem specific
{
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "git",
"binary_version": "1:2.17.1-1ubuntu0.18+esm4"
},
{
"binary_name": "git-all",
"binary_version": "1:2.17.1-1ubuntu0.18+esm4"
},
{
"binary_name": "git-cvs",
"binary_version": "1:2.17.1-1ubuntu0.18+esm4"
},
{
"binary_name": "git-daemon-run",
"binary_version": "1:2.17.1-1ubuntu0.18+esm4"
},
{
"binary_name": "git-daemon-sysvinit",
"binary_version": "1:2.17.1-1ubuntu0.18+esm4"
},
{
"binary_name": "git-el",
"binary_version": "1:2.17.1-1ubuntu0.18+esm4"
},
{
"binary_name": "git-email",
"binary_version": "1:2.17.1-1ubuntu0.18+esm4"
},
{
"binary_name": "git-gui",
"binary_version": "1:2.17.1-1ubuntu0.18+esm4"
},
{
"binary_name": "git-man",
"binary_version": "1:2.17.1-1ubuntu0.18+esm4"
},
{
"binary_name": "git-mediawiki",
"binary_version": "1:2.17.1-1ubuntu0.18+esm4"
},
{
"binary_name": "git-svn",
"binary_version": "1:2.17.1-1ubuntu0.18+esm4"
},
{
"binary_name": "gitk",
"binary_version": "1:2.17.1-1ubuntu0.18+esm4"
},
{
"binary_name": "gitweb",
"binary_version": "1:2.17.1-1ubuntu0.18+esm4"
}
]
}Ubuntu:Pro:20.04:LTS
git
Package
- Name
- git
- Purl
- pkg:deb/ubuntu/git@1:2.25.1-1ubuntu3.14+esm3?arch=source&distro=esm-infra/focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1:2.25.1-1ubuntu3.14+esm3
Affected versions
1:2.*
1:2.20.1-2ubuntu1
1:2.24.0-1ubuntu1
1:2.24.0-1ubuntu2
1:2.25.0-1ubuntu1
1:2.25.1-1ubuntu1
1:2.25.1-1ubuntu2
1:2.25.1-1ubuntu3
1:2.25.1-1ubuntu3.1
1:2.25.1-1ubuntu3.2
1:2.25.1-1ubuntu3.3
1:2.25.1-1ubuntu3.4
1:2.25.1-1ubuntu3.5
1:2.25.1-1ubuntu3.6
1:2.25.1-1ubuntu3.7
1:2.25.1-1ubuntu3.8
1:2.25.1-1ubuntu3.10
1:2.25.1-1ubuntu3.11
1:2.25.1-1ubuntu3.12
1:2.25.1-1ubuntu3.13
1:2.25.1-1ubuntu3.14
1:2.25.1-1ubuntu3.14+esm1
1:2.25.1-1ubuntu3.14+esm2
Ecosystem specific
{
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "git",
"binary_version": "1:2.25.1-1ubuntu3.14+esm3"
},
{
"binary_name": "git-all",
"binary_version": "1:2.25.1-1ubuntu3.14+esm3"
},
{
"binary_name": "git-cvs",
"binary_version": "1:2.25.1-1ubuntu3.14+esm3"
},
{
"binary_name": "git-daemon-run",
"binary_version": "1:2.25.1-1ubuntu3.14+esm3"
},
{
"binary_name": "git-daemon-sysvinit",
"binary_version": "1:2.25.1-1ubuntu3.14+esm3"
},
{
"binary_name": "git-el",
"binary_version": "1:2.25.1-1ubuntu3.14+esm3"
},
{
"binary_name": "git-email",
"binary_version": "1:2.25.1-1ubuntu3.14+esm3"
},
{
"binary_name": "git-gui",
"binary_version": "1:2.25.1-1ubuntu3.14+esm3"
},
{
"binary_name": "git-man",
"binary_version": "1:2.25.1-1ubuntu3.14+esm3"
},
{
"binary_name": "git-mediawiki",
"binary_version": "1:2.25.1-1ubuntu3.14+esm3"
},
{
"binary_name": "git-svn",
"binary_version": "1:2.25.1-1ubuntu3.14+esm3"
},
{
"binary_name": "gitk",
"binary_version": "1:2.25.1-1ubuntu3.14+esm3"
},
{
"binary_name": "gitweb",
"binary_version": "1:2.25.1-1ubuntu3.14+esm3"
}
]
}