CVE-2017-12976

Priority
Description
git-annex before 6.20170818 allows remote attackers to execute arbitrary
commands via an ssh URL with an initial dash character in the hostname, as
demonstrated by an ssh://-eProxyCommand= URL, a related issue to
CVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-2017-1000117.
Notes
seth-arnoldsecurity-fake-sync fails with "Original tarballs differ. Aborting"
Package
Upstream:released (6.20170818-1)
Ubuntu 18.04 LTS:not-affected (6.20170818-1)
Ubuntu 20.04 LTS:not-affected (6.20170818-1)
Ubuntu 21.10:not-affected (6.20170818-1)
Ubuntu 22.04 LTS:not-affected (6.20170818-1)
Ubuntu 14.04 ESM:DNE (trusty was needed)
Patches:
More Information

Updated: 2022-04-25 00:19:13 UTC (commit ecc1009cb19540b950de59270950018900f37f15)