git: arbitrary code execution

Package(s): git
CVE #(s): CVE-2008-5517
Created: January 12, 2009
Updated: March 9, 2009
Description:

From the SUSE advisory:

Insufficient quoting of shell characters allowed remote attackers to execute arbitrary commands via the git web interface (CVE-2008-5517)

Alerts:
Gentoo 200903-15 2009-03-09
Slackware SSA:2009-051-02 2009-02-23
Ubuntu USN-723-1 2009-02-18
Debian DSA-1708-1 2009-01-19
SuSE SUSE-SR:2009:001 2009-01-12
rPath rPSA-2009-0005-1 2009-01-13

git: arbitrary code execution

Posted Jan 15, 2009 12:22 UTC (Thu) by cortana (subscriber, #24596)

Are the versions in Debian's stable and backports repositories vulnerable to this?

1.4.4.4 and 1.5.6.5 respectively.

git: arbitrary code execution

Posted Jan 20, 2009 14:32 UTC (Tue) by fbriere (subscriber, #4961)

It depends, as there are actually two issues at stake. Hopefully, DSA-1708-1 should provide you with all the information you need.
