CVE-2017-8386 log

Source
Severity High
Remote Yes
Type Access restriction bypass
Description
A security issue has been found in git < 2.12.3, allowing a remote restricted user to execute an interactive pager on the server by causing it to spawn "git upload-pack --help". This is only an issue for servers running the "git-shell" restricted login shell.
Group Package Affected Fixed Severity Status Ticket
AVG-267 git 2.12.2-4 2.13.0-1 High Fixed
Date Advisory Group Package Severity Description
12 May 2017 ASA-201705-14 AVG-267 git High access restriction bypass
References
http://lkml.iu.edu/hypermail/linux/kernel/1705.1/01337.html
https://git.kernel.org/pub/scm/git/git.git/commit/?id=3ec804490a265f4c418a321428c12f3f18b7eff5
https://insinuator.net/2017/05/git-shell-bypass-by-abusing-less-cve-2017-8386/