AVG-725 log
| Package | git-annex |
| Status | Fixed |
| Severity | High |
| Type | multiple issues |
| Affected | 6.20180529-18 |
| Fixed | 6.20180626-1 |
| Current | 10.20251029-3 [extra] |
| Ticket | None |
| Created | Wed Jun 27 07:47:08 2018 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2018-10859 | High | Yes | Information disclosure | A malicious server for a special remote could trick git-annex into decrypting a file that was encrypted to the user's gpg key. This attack could be used to... |
| CVE-2018-10857 | High | Yes | Arbitrary filesystem access | Some uses of git-annex were vulnerable to a private data exposure and exfiltration attack. It could expose the content of files located outside the... |
| Date | Advisory | Package | Type |
|---|---|---|---|
| 04 Jul 2018 | ASA-201807-2 | git-annex | multiple issues |