[SECURITY] [DLA 2177-1] git security update

2020-04-1512:21:00

lists.debian.org

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

9.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

7.3 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.2%

JSON

Package : git
Version : 1:2.1.4-2.1+deb8u9
CVE ID : CVE-2020-5260

Felix Wilhelm of Google Project Zero discovered a flaw in git, a fast,
scalable, distributed revision control system. With a crafted URL that
contains a newline, the credential helper machinery can be fooled to
return credential information for a wrong host.

For Debian 8 "Jessie", this problem has been fixed in version
1:2.1.4-2.1+deb8u9.

We recommend that you upgrade your git packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: PGP signature

OSVersionArchitecturePackageVersionFilename
Debian9s390xgit< 1:2.11.0-3+deb9u6git_1:2.11.0-3+deb9u6_s390x.deb
Debian10allgit-email< 1:2.20.1-2+deb10u2git-email_1:2.20.1-2+deb10u2_all.deb
Debian8allgit-email< 1:2.1.4-2.1+deb8u9git-email_1:2.1.4-2.1+deb8u9_all.deb
Debian10ppc64elgit< 1:2.20.1-2+deb10u2git_1:2.20.1-2+deb10u2_ppc64el.deb
Debian8allgit-arch< 1:2.1.4-2.1+deb8u9git-arch_1:2.1.4-2.1+deb8u9_all.deb
Debian9allgit-doc< 1:2.11.0-3+deb9u6git-doc_1:2.11.0-3+deb9u6_all.deb
Debian10allgitweb< 1:2.20.1-2+deb10u2gitweb_1:2.20.1-2+deb10u2_all.deb
Debian8i386git< 1:2.1.4-2.1+deb8u9git_1:2.1.4-2.1+deb8u9_i386.deb
Debian9allgitk< 1:2.11.0-3+deb9u6gitk_1:2.11.0-3+deb9u6_all.deb
Debian10i386git-dbgsym< 1:2.20.1-2+deb10u2git-dbgsym_1:2.20.1-2+deb10u2_i386.deb

OS	Version	Architecture	Package	Version	Filename
Debian	9	s390x	git	< 1:2.11.0-3+deb9u6	git_1:2.11.0-3+deb9u6_s390x.deb
Debian	10	all	git-email	< 1:2.20.1-2+deb10u2	git-email_1:2.20.1-2+deb10u2_all.deb
Debian	8	all	git-email	< 1:2.1.4-2.1+deb8u9	git-email_1:2.1.4-2.1+deb8u9_all.deb
Debian	10	ppc64el	git	< 1:2.20.1-2+deb10u2	git_1:2.20.1-2+deb10u2_ppc64el.deb
Debian	8	all	git-arch	< 1:2.1.4-2.1+deb8u9	git-arch_1:2.1.4-2.1+deb8u9_all.deb
Debian	9	all	git-doc	< 1:2.11.0-3+deb9u6	git-doc_1:2.11.0-3+deb9u6_all.deb
Debian	10	all	gitweb	< 1:2.20.1-2+deb10u2	gitweb_1:2.20.1-2+deb10u2_all.deb
Debian	8	i386	git	< 1:2.1.4-2.1+deb8u9	git_1:2.1.4-2.1+deb8u9_i386.deb
Debian	9	all	gitk	< 1:2.11.0-3+deb9u6	gitk_1:2.11.0-3+deb9u6_all.deb
Debian	10	i386	git-dbgsym	< 1:2.20.1-2+deb10u2	git-dbgsym_1:2.20.1-2+deb10u2_i386.deb