USN-6326-1

See a problem?

Source

https://ubuntu.com/security/notices/USN-6326-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6326-1.json

JSON Data

https://api.osv.dev/v1/vulns/USN-6326-1

Related

Published

2023-08-31T18:10:17.500309Z

Modified

2023-08-31T18:10:17.500309Z

Summary

python-git vulnerability

Details

It was discovered that GitPython did not block insecure options from user inputs in the clone command. An attacker could possibly use this issue to execute arbitrary commands on the host.

References

Affected packages

Ubuntu:Pro:14.04:LTS / python-git

Package

Name: python-git
Purl: pkg:deb/ubuntu/python-git?arch=src?distro=trusty/esm

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.3.2~RC1-3ubuntu0.1~esm2

Affected versions

0.*

0.3.2~RC1-2

0.3.2~RC1-3

0.3.2~RC1-3ubuntu0.1~esm1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "0.3.2~RC1-3ubuntu0.1~esm2",
            "binary_name": "python-git"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / python-git

Package

Name: python-git
Purl: pkg:deb/ubuntu/python-git?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.1+git137-gc8b8379-2.1ubuntu0.1~esm2

Affected versions

1.*

1.0.1+git137-gc8b8379-1

1.0.1+git137-gc8b8379-2

1.0.1+git137-gc8b8379-2.1

1.0.1+git137-gc8b8379-2.1ubuntu0.1~esm1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "1.0.1+git137-gc8b8379-2.1ubuntu0.1~esm2",
            "binary_name": "python-git"
        },
        {
            "binary_version": "1.0.1+git137-gc8b8379-2.1ubuntu0.1~esm2",
            "binary_name": "python-git-doc"
        },
        {
            "binary_version": "1.0.1+git137-gc8b8379-2.1ubuntu0.1~esm2",
            "binary_name": "python3-git"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / python-git

Package

Name: python-git
Purl: pkg:deb/ubuntu/python-git?arch=src?distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1.8-1ubuntu0.1~esm2

Affected versions

2.*

2.1.5-1

2.1.6-1

2.1.7-1

2.1.8-1

2.1.8-1ubuntu0.1~esm1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "2.1.8-1ubuntu0.1~esm2",
            "binary_name": "python-git"
        },
        {
            "binary_version": "2.1.8-1ubuntu0.1~esm2",
            "binary_name": "python-git-doc"
        },
        {
            "binary_version": "2.1.8-1ubuntu0.1~esm2",
            "binary_name": "python3-git"
        }
    ]
}

Ubuntu:Pro:20.04:LTS / python-git

Package

Name: python-git
Purl: pkg:deb/ubuntu/python-git?arch=src?distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.0.7-1ubuntu0.1~esm2

Affected versions

2.*

2.1.11-1

3.*

3.0.4-1

3.0.5-1

3.0.7-1

3.0.7-1ubuntu0.1~esm1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "3.0.7-1ubuntu0.1~esm2",
            "binary_name": "python-git-doc"
        },
        {
            "binary_version": "3.0.7-1ubuntu0.1~esm2",
            "binary_name": "python3-git"
        }
    ]
}

Ubuntu:Pro:22.04:LTS / python-git

Package

Name: python-git
Purl: pkg:deb/ubuntu/python-git?arch=src?distro=esm-apps/jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.24-1ubuntu0.1~esm2

Affected versions

3.*

3.1.14-1

3.1.23-1

3.1.24-1

3.1.24-1ubuntu0.1~esm1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "3.1.24-1ubuntu0.1~esm2",
            "binary_name": "python-git-doc"
        },
        {
            "binary_version": "3.1.24-1ubuntu0.1~esm2",
            "binary_name": "python3-git"
        }
    ]
}