Candidate: CVE-2018-10857
PublicDate: 2018-07-16 20:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10857
 http://www.openwall.com/lists/oss-security/2018/06/26/4
 https://git-annex.branchable.com/security/CVE-2018-10857_and_CVE-2018-10859/
Description:
 git-annex is vulnerable to a private data exposure and exfiltration attack.
 It could expose the content of files located outside the git-annex
 repository, or content from a private web server on localhost or the LAN.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Joey Hess
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [7.5 HIGH]

Patches_git-annex:
upstream_git-annex: released (6.20180626-1)
precise/esm_git-annex: DNE
trusty_git-annex: ignored (reached end-of-life)
trusty/esm_git-annex: DNE (trusty was needs-triage)
xenial_git-annex: ignored (end of standard support, was needed)
artful_git-annex: ignored (reached end-of-life)
bionic_git-annex: needed
cosmic_git-annex: ignored (reached end-of-life)
disco_git-annex: not-affected (6.20180626-1)
eoan_git-annex: not-affected (7.20190129-3)
focal_git-annex: not-affected (7.20190129-3)
groovy_git-annex: not-affected (7.20190129-3)
hirsute_git-annex: not-affected (7.20190129-3)
impish_git-annex: not-affected (7.20190129-3)
jammy_git-annex: not-affected (7.20190129-3)
devel_git-annex: not-affected (7.20190129-3)