USN-4220-1
- Source
- https://ubuntu.com/security/notices/USN-4220-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4220-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/USN-4220-1
- Upstream
- Related
- Published
- 2019-12-10T19:00:07.743987Z
- Modified
- 2025-10-13T04:35:00Z
- Summary
- git vulnerabilities
- Details
-
Joern Schneeweisz and Nicolas Joly discovered that Git contained various security flaws. An attacker could possibly use these issues to overwrite arbitrary paths, execute arbitrary code, and overwrite files in the .git directory.
- References
-
- https://ubuntu.com/security/notices/USN-4220-1
- https://ubuntu.com/security/CVE-2019-1348
- https://ubuntu.com/security/CVE-2019-1349
- https://ubuntu.com/security/CVE-2019-1350
- https://ubuntu.com/security/CVE-2019-1351
- https://ubuntu.com/security/CVE-2019-1352
- https://ubuntu.com/security/CVE-2019-1353
- https://ubuntu.com/security/CVE-2019-1354
- https://ubuntu.com/security/CVE-2019-1387
- https://ubuntu.com/security/CVE-2019-19604
Affected packages
Ubuntu:16.04:LTS / git
Package
- Name
- git
- Purl
- pkg:deb/ubuntu/git@1:2.7.4-0ubuntu1.7?arch=source&distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1:2.7.4-0ubuntu1.7
Affected versions
1:2.*
1:2.5.0-1
1:2.6.2-1
1:2.6.3-1
1:2.6.4-1
1:2.7.0~rc3-1
1:2.7.0-1
1:2.7.3-0ubuntu1
1:2.7.4-0ubuntu1
1:2.7.4-0ubuntu1.1
1:2.7.4-0ubuntu1.2
1:2.7.4-0ubuntu1.3
1:2.7.4-0ubuntu1.4
1:2.7.4-0ubuntu1.5
1:2.7.4-0ubuntu1.6
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "1:2.7.4-0ubuntu1.7",
"binary_name": "git"
},
{
"binary_version": "1:2.7.4-0ubuntu1.7",
"binary_name": "git-all"
},
{
"binary_version": "1:2.7.4-0ubuntu1.7",
"binary_name": "git-arch"
},
{
"binary_version": "1:2.7.4-0ubuntu1.7",
"binary_name": "git-core"
},
{
"binary_version": "1:2.7.4-0ubuntu1.7",
"binary_name": "git-cvs"
},
{
"binary_version": "1:2.7.4-0ubuntu1.7",
"binary_name": "git-daemon-run"
},
{
"binary_version": "1:2.7.4-0ubuntu1.7",
"binary_name": "git-daemon-sysvinit"
},
{
"binary_version": "1:2.7.4-0ubuntu1.7",
"binary_name": "git-el"
},
{
"binary_version": "1:2.7.4-0ubuntu1.7",
"binary_name": "git-email"
},
{
"binary_version": "1:2.7.4-0ubuntu1.7",
"binary_name": "git-gui"
},
{
"binary_version": "1:2.7.4-0ubuntu1.7",
"binary_name": "git-man"
},
{
"binary_version": "1:2.7.4-0ubuntu1.7",
"binary_name": "git-mediawiki"
},
{
"binary_version": "1:2.7.4-0ubuntu1.7",
"binary_name": "git-svn"
},
{
"binary_version": "1:2.7.4-0ubuntu1.7",
"binary_name": "gitk"
},
{
"binary_version": "1:2.7.4-0ubuntu1.7",
"binary_name": "gitweb"
}
]
}
Database specific
cves_map
{
"ecosystem": "Ubuntu:16.04:LTS",
"cves": [
{
"id": "CVE-2019-1348",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2019-1349",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "low"
}
]
},
{
"id": "CVE-2019-1350",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2019-1351",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2019-1352",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2019-1353",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2019-1354",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "low"
}
]
},
{
"id": "CVE-2019-1387",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "low"
}
]
}
]
}
Ubuntu:18.04:LTS / git
Package
- Name
- git
- Purl
- pkg:deb/ubuntu/git@1:2.17.1-1ubuntu0.5?arch=source&distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1:2.17.1-1ubuntu0.5
Affected versions
1:2.*
1:2.14.1-1ubuntu4
1:2.15.1-1ubuntu2
1:2.17.0-1ubuntu1
1:2.17.1-1ubuntu0.1
1:2.17.1-1ubuntu0.3
1:2.17.1-1ubuntu0.4
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "1:2.17.1-1ubuntu0.5",
"binary_name": "git"
},
{
"binary_version": "1:2.17.1-1ubuntu0.5",
"binary_name": "git-all"
},
{
"binary_version": "1:2.17.1-1ubuntu0.5",
"binary_name": "git-cvs"
},
{
"binary_version": "1:2.17.1-1ubuntu0.5",
"binary_name": "git-daemon-run"
},
{
"binary_version": "1:2.17.1-1ubuntu0.5",
"binary_name": "git-daemon-sysvinit"
},
{
"binary_version": "1:2.17.1-1ubuntu0.5",
"binary_name": "git-el"
},
{
"binary_version": "1:2.17.1-1ubuntu0.5",
"binary_name": "git-email"
},
{
"binary_version": "1:2.17.1-1ubuntu0.5",
"binary_name": "git-gui"
},
{
"binary_version": "1:2.17.1-1ubuntu0.5",
"binary_name": "git-man"
},
{
"binary_version": "1:2.17.1-1ubuntu0.5",
"binary_name": "git-mediawiki"
},
{
"binary_version": "1:2.17.1-1ubuntu0.5",
"binary_name": "git-svn"
},
{
"binary_version": "1:2.17.1-1ubuntu0.5",
"binary_name": "gitk"
},
{
"binary_version": "1:2.17.1-1ubuntu0.5",
"binary_name": "gitweb"
}
]
}
Database specific
cves_map
{
"ecosystem": "Ubuntu:18.04:LTS",
"cves": [
{
"id": "CVE-2019-1348",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2019-1349",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "low"
}
]
},
{
"id": "CVE-2019-1350",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2019-1351",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2019-1352",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2019-1353",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2019-1354",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "low"
}
]
},
{
"id": "CVE-2019-1387",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "low"
}
]
}
]
}