| |||||||||||||||||||
Mageia alert MGASA-2013-0091 (git)
MGASA-2013-0091 Date: March 15rd, 2013 Affected releases: 2 Media: Core Description: Updated git packages fix security vulnerability: It was discovered that Git's git-imap-send command, a tool to send a collection of patches from standard input (stdin) to an IMAP folder, did not properly perform SSL X.509 v3 certificate validation on the IMAP server's certificate, as it did not ensure that the server's hostname matched the one provided in the CN field of the server's certificate. A rogue server could use this flaw to conduct man-in-the-middle attacks, possibly leading to the disclosure of sensitive information (CVE-2013-0308). Updated Packages: i586: gitweb-1.7.10-1.1.mga2.i586 git-email-1.7.10-1.1.mga2.i586 git-core-oldies-1.7.10-1.1.mga2.i586 git-1.7.10-1.1.mga2.i586 git-cvs-1.7.10-1.1.mga2.i586 libgit-devel-1.7.10-1.1.mga2.i586 git-svn-1.7.10-1.1.mga2.i586 git-prompt-1.7.10-1.1.mga2.i586 gitk-1.7.10-1.1.mga2.i586 gitview-1.7.10-1.1.mga2.i586 perl-Git-1.7.10-1.1.mga2.i586 python-git-1.7.10-1.1.mga2.i586 git-core-1.7.10-1.1.mga2.i586 git-arch-1.7.10-1.1.mga2.i586 x86_64: gitview-1.7.10-1.1.mga2.x86_64 python-git-1.7.10-1.1.mga2.x86_64 gitk-1.7.10-1.1.mga2.x86_64 gitweb-1.7.10-1.1.mga2.x86_64 git-core-1.7.10-1.1.mga2.x86_64 git-1.7.10-1.1.mga2.x86_64 git-core-oldies-1.7.10-1.1.mga2.x86_64 git-cvs-1.7.10-1.1.mga2.x86_64 perl-Git-1.7.10-1.1.mga2.x86_64 git-arch-1.7.10-1.1.mga2.x86_64 lib64git-devel-1.7.10-1.1.mga2.x86_64 git-prompt-1.7.10-1.1.mga2.x86_64 git-email-1.7.10-1.1.mga2.x86_64 git-svn-1.7.10-1.1.mga2.x86_64 SRPMS: git-1.7.10-1.1.mga2 References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0308 https://rhn.redhat.com/errata/RHSA-2013-0589.html https://bugs.mageia.org/show_bug.cgi?id=9255 https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-... (Log in to post comments)
|
|||||||||||||||||||