git

Description: the fast distributed version control system
Version: 2.26.0-1 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-1074 2.24.0-1 2.24.1-1 High Not affected
AVG-1073 2.24.0-1 2.24.1-1 High Fixed
AVG-776 2.19.0-1 2.19.1-1 High Fixed
AVG-711 2.17.0-1 2.17.1-1 Critical Fixed
AVG-377 2.14.0-1 2.14.1-1 Critical Fixed
AVG-267 2.12.2-4 2.13.0-1 High Fixed
Issue Group Severity Remote Type Description
CVE-2019-19604 AVG-1073 Medium Yes Arbitrary code execution
A security issue has been found in git before 2.24.1, and it is now disallowed for `.gitmodules` to have entries that set...
CVE-2019-1387 AVG-1073 Medium Yes Arbitrary code execution
A security issue has been found in git before 2.24.1 where recursive clones are currently affected by a vulnerability that is caused by too-lax validation...
CVE-2019-1354 AVG-1074 High Yes Arbitrary code execution
Filenames on Linux/Unix can contain backslashes. On Windows, backslashes are directory separators. Git previously did not refuse to write out tracked files with...
CVE-2019-1353 AVG-1074 Medium Yes Arbitrary code execution
When running Git in the Windows Subsystem for Linux (also known as "WSL") while accessing a working directory on a regular Windows drive, none of the NTFS...
CVE-2019-1352 AVG-1073 Medium Yes Arbitrary code execution
A security issue has been found in git before 2.24.1 where it was unaware of NTFS Alternate Data Streams, allowing files inside the .git/ directory to be...
CVE-2019-1351 AVG-1074 Medium Yes Arbitrary code execution
While the only permitted drive letters for physical drives on Windows are letters of the US-English alphabet, this restriction does not apply to virtual...
CVE-2019-1350 AVG-1074 Medium Yes Arbitrary code execution
Incorrect quoting of command-line arguments allowed remote code execution during a recursive clone in conjunction with SSH URLs.
CVE-2019-1349 AVG-1073 Medium Yes Arbitrary code execution
A security issue has been found in git before 2.24.1 when using submodule paths that refer to the same file system entity (e.g. using the NTFS Alternate...
CVE-2019-1348 AVG-1073 High Yes Arbitrary code execution
A security issue has been found in git before 2.24.1 where the --export-marks option of git fast-import is also exposed via the in-stream command feature...
CVE-2018-17456 AVG-776 High Yes Arbitrary code execution
A security issue has been found in git versions prior to 2.19.1, which allows an attacker to execute arbitrary code by crafting a malicious .gitmodules file...
CVE-2018-11235 AVG-711 Critical Yes Arbitrary code execution
A security issue has been found in git before 2.17.1. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that...
CVE-2018-11233 AVG-711 Medium Yes Information disclosure
A security issue has been found in git before 2.17.1, where the code that sanity-checks paths in is_ntfs_dotgit() could have been tricked into reading random...
CVE-2017-1000117 AVG-377 Critical Yes Arbitrary command execution
A security issue has been found in git < 2.14.1. A malicious third party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to...
CVE-2017-8386 AVG-267 High Yes Access restriction bypass
A security issue has been found in git < 2.12.3, allowing a remote restricted user to execute an interactive pager on the server by causing it to spawn "git...

Advisories

Date Advisory Group Severity Description
18 Dec 2019 ASA-201912-6 AVG-1073 High arbitrary code execution
09 Oct 2018 ASA-201810-7 AVG-776 High arbitrary code execution
01 Jun 2018 ASA-201806-1 AVG-711 Critical multiple issues
12 Aug 2017 ASA-201708-6 AVG-377 Critical arbitrary command execution
12 May 2017 ASA-201705-14 AVG-267 High access restriction bypass