A vulnerability in Git might allow remote attackers to bypass security restrictions.
Package | dev-vcs/git on all architectures |
---|---|
Affected versions | < 2.13.0 |
Unaffected versions | >= 2.13.0 |
Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency.
Timo Schmid discovered that the Git restricted shell incorrectly filtered allowed commands.
A remote attacker could possibly bypass security restrictions and access sensitive information.
There is no known workaround at this time.
All Git users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-vcs/git-2.13.0"
Release date
June 06, 2017
Latest revision
June 06, 2017: 1
Severity
normal
Exploitable
remote
Bugzilla entries