AVG-725

Package git-annex
Status Fixed
Severity High
Type multiple issues
Affected 6.20180529-18
Fixed 6.20180626-1
Current 7.20181211-22 [community]
Ticket None
Created Wed Jun 27 07:47:08 2018
Issue Severity Remote Type Description
CVE-2018-10859 High Yes Information disclosure
A malicious server for a special remote could trick git-annex into decrypting a file that was encrypted to the user's gpg key. This attack could be used to...
CVE-2018-10857 High Yes Arbitrary filesystem access
Some uses of git-annex were vulnerable to a private data exposure and exfiltration attack. It could expose the content of files located outside the...
Date Advisory Package Description
04 Jul 2018 ASA-201807-2 git-annex multiple issues