CVE-2017-14867 (retired)

Priority
Description
Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x
before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support
subcommands such as cvsserver, which allows attackers to execute arbitrary
OS commands via shell metacharacters in a module name. The vulnerable code
is reachable via git-shell even without CVS support.
Package
Source: git (LP Ubuntu Debian)
Upstream:released (1:2.14.2-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):released (1:1.9.1-1ubuntu0.7)
Ubuntu 16.04 LTS (Xenial Xerus):released (1:2.7.4-0ubuntu1.3)
Patches:
Vendor:http://repo.or.cz/git/debian.git/commit/ad86ba2e77a442db38510bcc5e5283872df49d88
More Information

Updated: 2019-03-26 12:25:07 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)