Candidate: CVE-2013-0308
PublicDate: 2013-03-08 21:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0308
 http://marc.info/?l=git&m=136134619013145&w=2
Description:
 The imap-send command in GIT before 1.8.1.4 does not verify that the server
 hostname matches a domain name in the subject's Common Name (CN) or
 subjectAltName field of the X.509 certificate, which allows
 man-in-the-middle attackers to spoof SSL servers via an arbitrary valid
 certificate.
Ubuntu-Description:
Notes:
 jdstrand> Debian and Ubuntu's git does not enable SSL
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_git-core:
upstream_git-core: not-affected
hardy_git-core: ignored (reached end-of-life)
lucid_git-core: not-affected
oneiric_git-core: DNE
precise_git-core: DNE
quantal_git-core: DNE
devel_git-core: DNE

Patches_git:
upstream_git: not-affected
hardy_git: not-affected (not the same software)
lucid_git: DNE
oneiric_git: not-affected
precise_git: not-affected
quantal_git: not-affected
devel_git: not-affected