FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  485185
Date:      2018-11-17
Time:      18:00:17Z
Committer: joneum

These are the vulnerabilities relating to the commit you have selected:

VuXML ID | Description
d2a84feb-ebe0-11e5-92ce-002590263bf5 | git -- integer overflow

Debian reports:

integer overflow due to a loop which adds more to "len".


Discovery 2016-02-24
Entry 2016-03-18
git
lt 2.4.11

ge 2.5.0 lt 2.5.5

ge 2.6.0 lt 2.6.6

ge 2.7.0 lt 2.7.4

git-gui
lt 2.4.11

ge 2.5.0 lt 2.5.5

ge 2.6.0 lt 2.6.6

ge 2.7.0 lt 2.7.4

git-lite
lt 2.4.11

ge 2.5.0 lt 2.5.5

ge 2.6.0 lt 2.6.6

ge 2.7.0 lt 2.7.4

git-subversion
lt 2.4.11

ge 2.5.0 lt 2.5.5

ge 2.6.0 lt 2.6.6

ge 2.7.0 lt 2.7.4

CVE-2016-2324
https://security-tracker.debian.org/tracker/CVE-2016-2324
https://github.com/git/git/commit/9831e92bfa833ee9c0ce464bbc2f941ae6c2698d

93ee802e-ebde-11e5-92ce-002590263bf5 | git -- potential code execution

Debian reports:

"int" is the wrong data type for ... nlen assignment.


Discovery 2015-09-24
Entry 2016-03-17
git
lt 2.7.0

CVE-2016-2315
http://www.openwall.com/lists/oss-security/2016/03/15/6
https://marc.info/?l=oss-security&m=145809217306686&w=2
https://github.com/git/git/commit/34fa79a6cde56d6d428ab0d3160cb094ebad3305
https://security-tracker.debian.org/tracker/CVE-2016-2315

7f645ee5-7681-11e5-8519-005056ac623e | Git -- Execute arbitrary code

Git release notes:

Some protocols (like git-remote-ext) can execute arbitrary code found in the URL. The URLs that submodules use may come from arbitrary sources (e.g., .gitmodules files in a remote repository), and can hurt those who blindly enable recursive fetch. Restrict the allowed protocols to well known and safe ones.


Discovery 2015-09-23
Entry 2015-10-19
Modified 2015-12-12
git
lt 2.6.1

git-gui
lt 2.6.1

git-lite
lt 2.6.1

git-subversion
lt 2.6.1

CVE-2015-7545
https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.6.1.txt
http://www.openwall.com/lists/oss-security/2015/12/11/7

c7a135f4-66a4-11e8-9e63-3085a9a47796 | Git -- Fix memory out-of-bounds and remote code execution vulnerabilities (CVE-2018-11233 and CVE-2018-11235)

The Git community reports:

  • In affected versions of Git, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.
  • In affected versions of Git, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with "../" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server.

Discovery 2018-05-29
Entry 2018-06-02
git
git-lite
lt 2.13.7

ge 2.14 lt 2.14.4

ge 2.15 lt 2.15.2

ge 2.16 lt 2.16.4

ge 2.17 lt 2.17.1

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11233
CVE-2018-11233
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11235
CVE-2018-11235