MGASA-2020-0354

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2020-0354.html

Import Source

https://advisories.mageia.org/MGASA-2020-0354.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2020-0354

Upstream

CVE-2020-24614

Published

2020-08-30T16:53:07Z

Modified

2026-04-16T04:43:40.164751673Z

Summary

Updated fossil package fixes security vulnerability

Details

Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows remote authenticated users to execute arbitrary code. An attacker must have check-in privileges on the repository (CVE-2020-24614).

The fossil package has been updated to version 2.10.2, containing fixes for this issue, fixes for other bugs and security issues, and additional enhancements. See the changes list for details.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:7 / fossil

Package

Name: fossil
Purl: pkg:rpm/mageia/fossil?arch=source&distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.10.2-1.mga7

Ecosystem specific

{
    "section": "core"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2020-0354.json"