git-annex
| Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
| Description | Manage files with git, without checking their contents into git |
| Version | 10.20251029-1 [extra] |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-725 | 6.20180529-18 | 6.20180626-1 | High | Fixed | |
| AVG-496 | 6.20170925-1 | 6.20171003-1 | Medium | Fixed |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2018-10859 | AVG-725 | High | Yes | Information disclosure | A malicious server for a special remote could trick git-annex into decrypting a file that was encrypted to the user's gpg key. This attack could be used to... |
| CVE-2018-10857 | AVG-725 | High | Yes | Arbitrary filesystem access | Some uses of git-annex were vulnerable to a private data exposure and exfiltration attack. It could expose the content of files located outside the... |
| CVE-2017-12976 | AVG-496 | Medium | Yes | Arbitrary command execution | git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as... |
Advisories
| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 04 Jul 2018 | ASA-201807-2 | AVG-725 | High | multiple issues |