CVE-2013-0308
Published: 8 March 2013
The imap-send command in GIT before 1.8.1.4 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Notes
Author | Note |
---|---|
jdstrand | Debian and Ubuntu's git does not enable SSL |
Priority
Status
Package | Release | Status |
---|---|---|
git Launchpad, Ubuntu, Debian |
hardy |
Not vulnerable
(not the same software)
|
lucid |
Does not exist
|
|
oneiric |
Not vulnerable
|
|
precise |
Not vulnerable
|
|
quantal |
Not vulnerable
|
|
upstream |
Not vulnerable
|
|
git-core Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Not vulnerable
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
upstream |
Not vulnerable
|