CLSA-2025-1754648405

See a problem?

Import Source

https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2025-1754648405.json

JSON Data

https://api.osv.dev/v1/vulns/CLSA-2025-1754648405

Upstream

CVE-2025-27613

CVE-2025-27614

CVE-2025-46835

Published

2025-08-08T10:20:09Z

Modified

2026-06-04T09:46:58.957749320Z

Summary

Fix CVE(s): CVE-2025-27613, CVE-2025-27614, CVE-2025-46835

Details

SECURITY UPDATE: potential file creation/truncation when cloning untrusted repository in gitk
- debian/patches/CVE-2025-27613CVE-2025-27614CVE-2025-46835.patch: improve dark mode support, remove hard-coded colors in ttext calls and use colors from the theme for text widgets via Text.Background and Text.Foreground
- CVE-2025-27613
SECURITY UPDATE: security vulnerability allowing arbitrary script execution
- debian/patches/CVE-2025-27613CVE-2025-27614CVE-2025-46835.patch: Fix hard-coded colors in ttext widgets to use theme colors
- CVE-2025-27614
SECURITY UPDATE: security issue with untrusted repository cloning and file editing
- debian/patches/CVE-2025-27613CVE-2025-27614CVE-2025-46835.patch: validate directory names to prevent file overwrite attacks
- CVE-2025-46835

References

https://errata.tuxcare.com/els_os/ubuntu16.04els/CLSA-2025-1754648405.html

Affected packages

TuxCare:Ubuntu:16.04

git

Package

Name: git
Purl: pkg:deb/tuxcare/git?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.7.4-0ubuntu1.10+tuxcare.els9

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2025-1754648405.json"

git-all

Package

Name: git-all
Purl: pkg:deb/tuxcare/git-all?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.7.4-0ubuntu1.10+tuxcare.els9

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2025-1754648405.json"

git-arch

Package

Name: git-arch
Purl: pkg:deb/tuxcare/git-arch?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.7.4-0ubuntu1.10+tuxcare.els9

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2025-1754648405.json"

git-core

Package

Name: git-core
Purl: pkg:deb/tuxcare/git-core?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.7.4-0ubuntu1.10+tuxcare.els9

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2025-1754648405.json"

git-cvs

Package

Name: git-cvs
Purl: pkg:deb/tuxcare/git-cvs?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.7.4-0ubuntu1.10+tuxcare.els9

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2025-1754648405.json"

git-daemon-run

Package

Name: git-daemon-run
Purl: pkg:deb/tuxcare/git-daemon-run?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.7.4-0ubuntu1.10+tuxcare.els9

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2025-1754648405.json"

git-daemon-sysvinit

Package

Name: git-daemon-sysvinit
Purl: pkg:deb/tuxcare/git-daemon-sysvinit?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.7.4-0ubuntu1.10+tuxcare.els9

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2025-1754648405.json"

git-doc

Package

Name: git-doc
Purl: pkg:deb/tuxcare/git-doc?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.7.4-0ubuntu1.10+tuxcare.els9

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2025-1754648405.json"

git-el

Package

Name: git-el
Purl: pkg:deb/tuxcare/git-el?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.7.4-0ubuntu1.10+tuxcare.els9

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2025-1754648405.json"

git-email

Package

Name: git-email
Purl: pkg:deb/tuxcare/git-email?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.7.4-0ubuntu1.10+tuxcare.els9

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2025-1754648405.json"

git-gui

Package

Name: git-gui
Purl: pkg:deb/tuxcare/git-gui?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.7.4-0ubuntu1.10+tuxcare.els9

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2025-1754648405.json"

git-man

Package

Name: git-man
Purl: pkg:deb/tuxcare/git-man?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.7.4-0ubuntu1.10+tuxcare.els9

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2025-1754648405.json"

git-mediawiki

Package

Name: git-mediawiki
Purl: pkg:deb/tuxcare/git-mediawiki?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.7.4-0ubuntu1.10+tuxcare.els9

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2025-1754648405.json"

git-svn

Package

Name: git-svn
Purl: pkg:deb/tuxcare/git-svn?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.7.4-0ubuntu1.10+tuxcare.els9

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2025-1754648405.json"

gitk

Package

Name: gitk
Purl: pkg:deb/tuxcare/gitk?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.7.4-0ubuntu1.10+tuxcare.els9

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2025-1754648405.json"

gitweb

Package

Name: gitweb
Purl: pkg:deb/tuxcare/gitweb?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.7.4-0ubuntu1.10+tuxcare.els9

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2025-1754648405.json"