Debian Git vulnerabilities

CVE-2018-19486 [CRITICAL] CVE-2018-19486: git - Git before 2.19.2 on Linux and UNIX executes commands from the current working d... Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017. Scope: local bookworm: resolved (fixed in 1:2.19.2-1) bullseye: resolved (fixed in 1:2.19.2-1) forky: r

CVE-2018-17456 [CRITICAL] CVE-2018-17456: git - Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.1... Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character. Scope: local bookworm: resolved (fixed in 1:2.19.1-1) bullseye: resolved (

CVE-2018-11235 [HIGH] CVE-2018-11235: git - In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before ... In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR

CVE-2018-11233 [HIGH] CVE-2018-11233: git - In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before ... In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory. Scope: local bookworm: resolved (fixed in 1:2.17.1-1) bullseye: resolved (fixed in 1:2.17.1-1) forky: resolved (fixed in 1:2.17.1-1) sid: resolved (fixed in 1:2.17.1-1) trixie

CVE-2018-1000021 [MEDIUM] CVE-2018-1000021: git - GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability i... GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a MITM attack). Scope: local bookworm: open bullseye: open forky: ope

CVE-2017-8386 [HIGH] CVE-2017-8386: git - git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x be... git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character. Scope: local bookworm: resolved (fixed in 1:2.11.0-3)

CVE-2017-14867 [HIGH] CVE-2017-14867: git - Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.1... Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support. Scope: local bookworm:

CVE-2017-1000117 [HIGH] CVE-2017-1000117: git - A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting vi... A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trig

CVE-2017-15298 [MEDIUM] CVE-2017-15298: git - Git through 2.14.2 mishandles layers of tree objects, which allows remote attack... Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb. This can also have an impact of disk consumption; however, an affected process typically would not survive its attempt to build the data structure in memory before writing to disk. Scope: local

CVE-2016-2315 [CRITICAL] CVE-2016-2315: cgit - revision.c in git before 2.7.4 uses an incorrect integer data type, which allows... revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2016-2324 [CRITICAL] CVE-2016-2324: cgit - Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrar... Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2015-7545 [CRITICAL] CVE-2015-7545: git - The (1) git-remote-ext and (2) unspecified other remote helper programs in Git b... The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in a (a) .gitmodules file or (b) unknown other sources in a submodule. Scope: local bookworm:

CVE-2014-9390 [CRITICAL] CVE-2014-9390: dulwich - Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, ... Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git s

CVE-2014-9938 [HIGH] CVE-2014-9938: git - contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch na... contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution. Scope: local bookworm: resolved (fixed in 1:2.0.0~rc2-1) bullseye: resolved (fixed in 1:2.0.0~rc2-1) forky: resolved (fixed in 1:2.0.0~rc2-1) sid: resolved (fixed in 1:2.0.0~rc2-1) trixie: resolved (fixed in 1:2.

CVE-2013-0308 [MEDIUM] CVE-2013-0308: git - The imap-send command in GIT before 1.8.1.4 does not verify that the server host... The imap-send command in GIT before 1.8.1.4 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved tr

CVE-2010-3906 [MEDIUM] CVE-2010-3906: git - Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier allows re... Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) f and (2) fp parameters. Scope: local bookworm: resolved (fixed in 1:1.7.2.3-2.2) bullseye: resolved (fixed in 1:1.7.2.3-2.2) forky: resolved (fixed in 1:1.7.2.3-2.2) sid: resolved (fixed in 1:1.7.2.3-2.2) trixie: resolved (fi