Oval Definition:oval:org.mitre.oval:def:12780
Revision Date:2015-02-23
Version:21
Title:DSA-1708-1 git-core -- shell command injection
Description:It was discovered that gitweb, the web interface for the Git version control system, contained several vulnerabilities: Remote attackers could use crafted requests to execute shell commands on the web server, using the snapshot generation and pickaxe search functionality. Local users with write access to the configuration of a Git repository served by gitweb could cause gitweb to execute arbitrary shell commands with the permission of the web server. For the stable distribution, these problems have been fixed in version 1:1.4.4.4-4+etch1. For the unstable distribution and testing distribution, the remote shell command injection issue has been fixed in version 1.5.6-1. The other issue will be fixed soon. We recommend that you upgrade your Git packages.
Family:unix
Class:patch
Status:ACCEPTED
Reference(s):CVE-2008-5516
CVE-2008-5517
CVE-2008-5916
DSA-1708-1
Platform(s):Debian GNU/Linux 4.0
Product(s):git-core
Definition Synopsis
  • Debian GNU/Linux 4.0 is installed.
  • AND Architecture section
  • Architecture independent section
  • Installed architecture is all
  • AND Packages section
  • git-daemon-run DPKG is earlier than 1:1.4.4.4-4+etch1
  • OR gitweb DPKG is earlier than 1:1.4.4.4-4+etch1
  • OR git-doc DPKG is earlier than 1:1.4.4.4-4+etch1
  • OR git-svn DPKG is earlier than 1:1.4.4.4-4+etch1
  • OR git-arch DPKG is earlier than 1:1.4.4.4-4+etch1
  • OR git-cvs DPKG is earlier than 1:1.4.4.4-4+etch1
  • OR git-email DPKG is earlier than 1:1.4.4.4-4+etch1
  • OR gitk DPKG is earlier than 1:1.4.4.4-4+etch1
  • OR git-core DPKG is earlier than 1:1.4.4.4-4+etch1