CVE-2017-14867

Priority
Medium
Description
Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x
before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support
subcommands such as cvsserver, which allows attackers to execute arbitrary
OS commands via shell metacharacters in a module name. The vulnerable code
is reachable via git-shell even without CVS support.
Package
Source: git (LP Ubuntu Debian)
Upstream: released (1:2.14.2-1)
Ubuntu 17.10 (Artful Aardvark): released (1:2.14.1-1ubuntu4)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 LTS (Trusty Tahr): released (1:1.9.1-1ubuntu0.7)
Ubuntu Core 15.04: DNE
Ubuntu 16.04 LTS (Xenial Xerus): released (1:2.7.4-0ubuntu1.3)
Ubuntu 17.04 (Zesty Zapus): released (1:2.11.0-2ubuntu0.3)
Patches:
Vendor: http://repo.or.cz/git/debian.git/commit/ad86ba2e77a442db38510bcc5e5283872df49d88

Updated: 2017-10-05 13:14:34 UTC (commit 13458)