git-annex

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Manage files with git, without checking their contents into git
Version 7.20190219-12 [community]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-725 6.20180529-18 6.20180626-1 High Fixed
AVG-496 6.20170925-1 6.20171003-1 Medium Fixed
Issue Group Severity Remote Type Description
CVE-2018-10859 AVG-725 High Yes Information disclosure
A malicious server for a special remote could trick git-annex into decrypting a file that was encrypted to the user's gpg key. This attack could be used to...
CVE-2018-10857 AVG-725 High Yes Arbitrary filesystem access
Some uses of git-annex were vulnerable to a private data exposure and exfiltration attack. It could expose the content of files located outside the...
CVE-2017-12976 AVG-496 Medium Yes Arbitrary command execution
git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as...

Advisories

Date Advisory Group Severity Description
04 Jul 2018 ASA-201807-2 AVG-725 High multiple issues