Date: Mon, 19 Oct 2015 17:04:03 +0000 (UTC)
From: Renato Botelho <garga@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r399700 - head/security/vuxml
Message-ID: <201510191704.t9JH437n064944@repo.freebsd.org>
Author: garga Date: Mon Oct 19 17:04:02 2015 New Revision: 399700 URL: https://svnweb.freebsd.org/changeset/ports/399700 Log: Add new VuXML entry for git arbitrary code execution bug on versions before 2.6.1 Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Mon Oct 19 16:59:49 2015 (r399699) +++ head/security/vuxml/vuln.xml Mon Oct 19 17:04:02 2015 (r399700) @@ -58,6 +58,48 @@ Notes: --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="7f645ee5-7681-11e5-8519-005056ac623e"> + <topic>Git -- Execute arbitrary code</topic> + <affects> + <package> + <name>git</name> + <range><lt>2.6.1</lt></range> + </package> + <package> + <name>git-gui</name> + <range><lt>2.6.1</lt></range> + </package> + <package> + <name>git-lite</name> + <range><lt>2.6.1</lt></range> + </package> + <package> + <name>git-subversion</name> + <range><lt>2.6.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Git release notes:</p> + <blockquote cite="https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.6.1.txt"> + <p>Some protocols (like git-remote-ext) can execute arbitrary code + found in the URL. The URLs that submodules use may come from + arbitrary sources (e.g., .gitmodules files in a remote + repository), and can hurt those who blindly enable recursive + fetch. Restrict the allowed protocols to well known and safe + ones.</p> + </blockquote> + </body> + </description> + <references> + <url>https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.6.1.txt</url> + </references> + <dates> + <discovery>2015-09-23</discovery> + <entry>2015-10-19</entry> + </dates> + </vuln> + <vuln vid="3934cc60-f0fa-4eca-be09-c8bd7ae42871"> <topic>Salt -- multiple vulnerabilities</topic> <affects>
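Review bot: The `<blockquote cite=...>` and the single `<url>` under `<references>` both point at `https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.6.1.txt`, a path on the moving `master` branch, so the citation can change or disappear later; a path under a release tag would keep the quoted text verifiable. The `<references>` block also carries nothing but that URL: if a CVE identifier has been assigned to this issue, a `<cvename>` element there lets tools that match on CVE find the entry. The topic "Git -- Execute arbitrary code" could also name the vector the quoted notes describe (submodule URLs using unsafe protocols during recursive fetch), so that readers of audit output can tell from the topic line alone whether their usage is exposed.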