俞晨东 discovered that Git incorrectly handled certain repository paths in platforms with multiple users support. An attacker could possibly use this issue to run arbitrary commands.
{ "availability": "No subscription required", "binaries": [ { "git-daemon-run": "1:2.17.1-1ubuntu0.10", "git-email": "1:2.17.1-1ubuntu0.10", "git-mediawiki": "1:2.17.1-1ubuntu0.10", "git": "1:2.17.1-1ubuntu0.10", "git-el": "1:2.17.1-1ubuntu0.10", "git-cvs": "1:2.17.1-1ubuntu0.10", "git-doc": "1:2.17.1-1ubuntu0.10", "gitk": "1:2.17.1-1ubuntu0.10", "git-dbgsym": "1:2.17.1-1ubuntu0.10", "git-daemon-sysvinit": "1:2.17.1-1ubuntu0.10", "git-svn": "1:2.17.1-1ubuntu0.10", "git-gui": "1:2.17.1-1ubuntu0.10", "git-man": "1:2.17.1-1ubuntu0.10", "gitweb": "1:2.17.1-1ubuntu0.10", "git-all": "1:2.17.1-1ubuntu0.10" } ] }
{ "availability": "No subscription required", "binaries": [ { "git-daemon-run": "1:2.25.1-1ubuntu3.3", "git-email": "1:2.25.1-1ubuntu3.3", "git-mediawiki": "1:2.25.1-1ubuntu3.3", "git": "1:2.25.1-1ubuntu3.3", "git-el": "1:2.25.1-1ubuntu3.3", "git-cvs": "1:2.25.1-1ubuntu3.3", "git-doc": "1:2.25.1-1ubuntu3.3", "gitk": "1:2.25.1-1ubuntu3.3", "git-dbgsym": "1:2.25.1-1ubuntu3.3", "git-daemon-sysvinit": "1:2.25.1-1ubuntu3.3", "git-svn": "1:2.25.1-1ubuntu3.3", "git-gui": "1:2.25.1-1ubuntu3.3", "git-man": "1:2.25.1-1ubuntu3.3", "gitweb": "1:2.25.1-1ubuntu3.3", "git-all": "1:2.25.1-1ubuntu3.3" } ] }