USN-6050-1

Source

https://ubuntu.com/security/notices/USN-6050-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-6050-1.json

Related

Published

2023-05-01T09:37:06.779501Z

Modified

2023-05-01T09:37:06.779501Z

Summary

git vulnerabilities

Details

It was discovered that Git incorrectly handled certain commands. An attacker could possibly use this issue to overwriting some paths. (CVE-2023-25652)

Maxime Escourbiac and Yassine BENGANA discovered that Git incorrectly handled some gettext machinery. An attacker could possibly use this issue to allows the malicious placement of crafted messages. (CVE-2023-25815)

André Baptista and Vítor Pinho discovered that Git incorrectly handled certain configurations. An attacker could possibly use this issue to arbitrary configuration injection. (CVE-2023-29007)

References

Affected packages

Ubuntu:22.04:LTS / git

Package

Name: git

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1:2.34.1-1ubuntu1.9

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "git-daemon-sysvinit": "1:2.34.1-1ubuntu1.9",
            "git-daemon-run": "1:2.34.1-1ubuntu1.9",
            "git-email": "1:2.34.1-1ubuntu1.9",
            "git-mediawiki": "1:2.34.1-1ubuntu1.9",
            "git": "1:2.34.1-1ubuntu1.9",
            "git-svn": "1:2.34.1-1ubuntu1.9",
            "gitk": "1:2.34.1-1ubuntu1.9",
            "git-cvs": "1:2.34.1-1ubuntu1.9",
            "gitweb": "1:2.34.1-1ubuntu1.9",
            "git-man": "1:2.34.1-1ubuntu1.9",
            "git-gui": "1:2.34.1-1ubuntu1.9",
            "git-all": "1:2.34.1-1ubuntu1.9",
            "git-doc": "1:2.34.1-1ubuntu1.9"
        }
    ]
}

Ubuntu:20.04:LTS / git

Package

Name: git

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1:2.25.1-1ubuntu3.11

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "git-daemon-run": "1:2.25.1-1ubuntu3.11",
            "git-email": "1:2.25.1-1ubuntu3.11",
            "git-mediawiki": "1:2.25.1-1ubuntu3.11",
            "git": "1:2.25.1-1ubuntu3.11",
            "git-el": "1:2.25.1-1ubuntu3.11",
            "git-cvs": "1:2.25.1-1ubuntu3.11",
            "git-doc": "1:2.25.1-1ubuntu3.11",
            "gitk": "1:2.25.1-1ubuntu3.11",
            "git-daemon-sysvinit": "1:2.25.1-1ubuntu3.11",
            "git-svn": "1:2.25.1-1ubuntu3.11",
            "gitweb": "1:2.25.1-1ubuntu3.11",
            "git-man": "1:2.25.1-1ubuntu3.11",
            "git-gui": "1:2.25.1-1ubuntu3.11",
            "git-all": "1:2.25.1-1ubuntu3.11"
        }
    ]
}

Ubuntu:18.04:LTS / git

Package

Name: git

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1:2.17.1-1ubuntu0.18

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "git-daemon-run": "1:2.17.1-1ubuntu0.18",
            "git-email": "1:2.17.1-1ubuntu0.18",
            "git-mediawiki": "1:2.17.1-1ubuntu0.18",
            "git": "1:2.17.1-1ubuntu0.18",
            "git-el": "1:2.17.1-1ubuntu0.18",
            "git-cvs": "1:2.17.1-1ubuntu0.18",
            "git-doc": "1:2.17.1-1ubuntu0.18",
            "gitk": "1:2.17.1-1ubuntu0.18",
            "git-daemon-sysvinit": "1:2.17.1-1ubuntu0.18",
            "git-svn": "1:2.17.1-1ubuntu0.18",
            "gitweb": "1:2.17.1-1ubuntu0.18",
            "git-man": "1:2.17.1-1ubuntu0.18",
            "git-gui": "1:2.17.1-1ubuntu0.18",
            "git-all": "1:2.17.1-1ubuntu0.18"
        }
    ]
}