UBUNTU-CVE-2014-9390

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/CVE-2014-9390
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2014/UBUNTU-CVE-2014-9390.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2014-9390
Related
Published
2014-12-19T00:00:00Z
Modified
2024-10-15T14:05:47Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.

References

Affected packages

Ubuntu:14.04:LTS / git

Package

Name
git
Purl
pkg:deb/ubuntu/git?arch=src?distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:1.9.1-1ubuntu0.1

Affected versions

1:1.*

1:1.8.3.2-1
1:1.8.4.2-1
1:1.8.4.3-1
1:1.8.4.4-1
1:1.8.5-1
1:1.8.5.1-1
1:1.8.5.2-1
1:1.8.5.2-2
1:1.8.5.3-1
1:1.9~rc1-1
1:1.9.0-1
1:1.9.1-1

Ecosystem specific 

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1:1.9.1-1ubuntu0.1",
            "binary_name": "git"
        },
        {
            "binary_version": "1:1.9.1-1ubuntu0.1",
            "binary_name": "git-all"
        },
        {
            "binary_version": "1:1.9.1-1ubuntu0.1",
            "binary_name": "git-arch"
        },
        {
            "binary_version": "1:1.9.1-1ubuntu0.1",
            "binary_name": "git-bzr"
        },
        {
            "binary_version": "1:1.9.1-1ubuntu0.1",
            "binary_name": "git-core"
        },
        {
            "binary_version": "1:1.9.1-1ubuntu0.1",
            "binary_name": "git-cvs"
        },
        {
            "binary_version": "1:1.9.1-1ubuntu0.1",
            "binary_name": "git-daemon-run"
        },
        {
            "binary_version": "1:1.9.1-1ubuntu0.1",
            "binary_name": "git-daemon-sysvinit"
        },
        {
            "binary_version": "1:1.9.1-1ubuntu0.1",
            "binary_name": "git-doc"
        },
        {
            "binary_version": "1:1.9.1-1ubuntu0.1",
            "binary_name": "git-el"
        },
        {
            "binary_version": "1:1.9.1-1ubuntu0.1",
            "binary_name": "git-email"
        },
        {
            "binary_version": "1:1.9.1-1ubuntu0.1",
            "binary_name": "git-gui"
        },
        {
            "binary_version": "1:1.9.1-1ubuntu0.1",
            "binary_name": "git-man"
        },
        {
            "binary_version": "1:1.9.1-1ubuntu0.1",
            "binary_name": "git-mediawiki"
        },
        {
            "binary_version": "1:1.9.1-1ubuntu0.1",
            "binary_name": "git-svn"
        },
        {
            "binary_version": "1:1.9.1-1ubuntu0.1",
            "binary_name": "gitk"
        },
        {
            "binary_version": "1:1.9.1-1ubuntu0.1",
            "binary_name": "gitweb"
        }
    ]
}

Ubuntu:14.04:LTS / mercurial

Package

Name
mercurial
Purl
pkg:deb/ubuntu/mercurial?arch=src?distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.8.2-1ubuntu1.3

Affected versions

2.*

2.6.3-1
2.7.2-1
2.8.1-2
2.8.2-1ubuntu1

Ecosystem specific 

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "2.8.2-1ubuntu1.3",
            "binary_name": "mercurial"
        },
        {
            "binary_version": "2.8.2-1ubuntu1.3",
            "binary_name": "mercurial-common"
        },
        {
            "binary_version": "2.8.2-1ubuntu1.3",
            "binary_name": "mercurial-dbgsym"
        }
    ]
}

Ubuntu:Pro:14.04:LTS / libgit2

Package

Name
libgit2
Purl
pkg:deb/ubuntu/libgit2?arch=src?distro=trusty/esm

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.19.0-2
0.19.0-2ubuntu0.4
0.19.0-2ubuntu0.4+esm1

Ecosystem specific 

{
    "ubuntu_priority": "medium"
}

Ubuntu:16.04:LTS / jgit

Package

Name
jgit
Purl
pkg:deb/ubuntu/jgit?arch=src?distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.7.1-2

Affected versions

3.*

3.7.1-1

Ecosystem specific 

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "3.7.1-2",
            "binary_name": "jgit-cli"
        },
        {
            "binary_version": "3.7.1-2",
            "binary_name": "libjgit-ant-java"
        },
        {
            "binary_version": "3.7.1-2",
            "binary_name": "libjgit-java"
        },
        {
            "binary_version": "3.7.1-2",
            "binary_name": "libjgit-java-doc"
        }
    ]
}

Ubuntu:16.04:LTS / libgit2

Package

Name
libgit2
Purl
pkg:deb/ubuntu/libgit2?arch=src?distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.24.1-2

Affected versions

0.*

0.22.2-2
0.23.1-1

Ecosystem specific 

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "0.24.1-2",
            "binary_name": "libgit2-24"
        },
        {
            "binary_version": "0.24.1-2",
            "binary_name": "libgit2-24-dbgsym"
        },
        {
            "binary_version": "0.24.1-2",
            "binary_name": "libgit2-dev"
        }
    ]
}