Candidate: CVE-2018-10859
PublicDate: 2018-07-16 18:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10859
 http://www.openwall.com/lists/oss-security/2018/06/26/4
 https://git-annex.branchable.com/security/CVE-2018-10857_and_CVE-2018-10859/
Description:
 git-annex is vulnerable to an Information Exposure when decrypting files. A
 malicious server for a special remote could trick git-annex into decrypting
 a file that was encrypted to the user's gpg key. This attack could be used
 to expose encrypted data that was never stored in git-annex
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Daniel Dent and Joey Hess
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [7.5 HIGH]

Patches_git-annex:
upstream_git-annex: released (6.20180626-1)
precise/esm_git-annex: DNE
trusty_git-annex: ignored (reached end-of-life)
trusty/esm_git-annex: DNE (trusty was needs-triage)
xenial_git-annex: ignored (end of standard support, was needed)
artful_git-annex: ignored (reached end-of-life)
bionic_git-annex: needed
cosmic_git-annex: ignored (reached end-of-life)
disco_git-annex: not-affected (6.20180626-1)
eoan_git-annex: not-affected (7.20190129-3)
focal_git-annex: not-affected (7.20190129-3)
groovy_git-annex: not-affected (7.20190129-3)
hirsute_git-annex: not-affected (7.20190129-3)
impish_git-annex: not-affected (7.20190129-3)
jammy_git-annex: not-affected (7.20190129-3)
devel_git-annex: not-affected (7.20190129-3)