CVE-2008-5517
Published: 13 January 2009
The web interface in git (gitweb) 1.5.x before 1.5.6 allows remote attackers to execute arbitrary commands via shell metacharacters related to (1) git_snapshot and (2) git_object.
Priority
Status
Package | Release | Status |
---|---|---|
git-core Launchpad, Ubuntu, Debian |
upstream |
Released
(1.6.0.6)
|
dapper |
Not vulnerable
(no gitweb)
|
|
gutsy |
Released
(1:1.5.2.5-2ubuntu0.1)
|
|
hardy |
Released
(1:1.5.4.3-1ubuntu2.1)
|
|
intrepid |
Not vulnerable
(1:1.5.6.3-1.1ubuntu2)
|
|
Patches: upstream: http://repo.or.cz/w/git.git?a=commitdiff;h=516381d5 vendor: http://patch-tracking.debian.net/patch/debianonly/view/git-core/1:1.4.4.4-4+etch1 |