CVE-2018-10859 log
Source |
|
Severity | High |
Remote | Yes |
Type | Information disclosure |
Description | A malicious server for a special remote could trick git-annex into decrypting a file that was encrypted to the user's gpg key. This attack could be used to expose encrypted data that was never stored in git-annex |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-725 | git-annex | 6.20180529-18 | 6.20180626-1 | High | Fixed |
Date | Advisory | Group | Package | Severity | Type |
---|---|---|---|---|---|
04 Jul 2018 | ASA-201807-2 | AVG-725 | git-annex | High | multiple issues |
References |
---|
https://git-annex.branchable.com/security/CVE-2018-10857_and_CVE-2018-10859/ |