FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
d9fe59ea-1940-11e8-9eb8-5404a68ad561	cvs -- Remote code execution via ssh command injection Hank Leininger reports: Bugs in Git, Subversion, and Mercurial were just announced and patched which allowed arbitrary local command execution if a malicious name was used for the remote server, such as starting with - to pass options to the ssh client: git clone ssh://-oProxyCommand=some-command... CVS has a similar problem with the -d option: Tested vanilla CVS 1.12.13, and Gentoo CVS 1.12.12-r11. Discovery 2017-08-10 Entry 2018-02-24 cvs < 1.20120905_5 http://lists.nongnu.org/archive/html/bug-cvs/2017-08/msg00000.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871810#10 CVE-2017-12836 ports/226088

VuXML ID

Description

d9fe59ea-1940-11e8-9eb8-5404a68ad561

cvs -- Remote code execution via ssh command injection

Hank Leininger reports:

Bugs in Git, Subversion, and Mercurial were just announced and patched which allowed arbitrary local command execution if a malicious name was used for the remote server, such as starting with - to pass options to the ssh client: git clone ssh://-oProxyCommand=some-command... CVS has a similar problem with the -d option:

Tested vanilla CVS 1.12.13, and Gentoo CVS 1.12.12-r11.

Discovery 2017-08-10
Entry 2018-02-24
cvs

< 1.20120905_5

http://lists.nongnu.org/archive/html/bug-cvs/2017-08/msg00000.html
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871810#10
CVE-2017-12836
ports/226088