[SECURITY] [DLA 231-1] dulwich security update

2015-05-2719:07:07

lists.debian.org

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

High

0.068 Low

EPSS

Percentile

93.9%

JSON

Package : dulwich
Version : 0.6.1-1+deb6u1
CVE ID : CVE-2015-0838

Ivan Fratric of the Google Security Team has found a buffer overflow in
the C implementation of the apply_delta() function, used when accessing
Git objects in pack files. An attacker could take advantage of this flaw
to cause the execution of arbitrary code with the privileges of the user
running a Git server or client based on Dulwich.

For the oldoldstable distribution (squeeze), this problem has been
fixed in version 0.6.1-1+deb6u1.
Attachment:
signature.asc
Description: Digital signature

OSVersionArchitecturePackageVersionFilename
Debian7sparcpython-dulwich< 0.8.5-2+deb7u2python-dulwich_0.8.5-2+deb7u2_sparc.deb
Debian8mipselpython-dulwich< 0.9.7-3python-dulwich_0.9.7-3_mipsel.deb
Debian8arm64python-dulwich< 0.9.7-3python-dulwich_0.9.7-3_arm64.deb
Debian7s390python-dulwich-dbg< 0.8.5-2+deb7u2python-dulwich-dbg_0.8.5-2+deb7u2_s390.deb
Debian7mipselpython-dulwich-dbg< 0.8.5-2+deb7u2python-dulwich-dbg_0.8.5-2+deb7u2_mipsel.deb
Debian7mipspython-dulwich-dbg< 0.8.5-2+deb7u2python-dulwich-dbg_0.8.5-2+deb7u2_mips.deb
Debian8mipselpython-dulwich-dbg< 0.9.7-3python-dulwich-dbg_0.9.7-3_mipsel.deb
Debian8powerpcpython-dulwich-dbg< 0.9.7-3python-dulwich-dbg_0.9.7-3_powerpc.deb
Debian7s390xpython-dulwich< 0.8.5-2+deb7u2python-dulwich_0.8.5-2+deb7u2_s390x.deb
Debian8mipspython-dulwich< 0.9.7-3python-dulwich_0.9.7-3_mips.deb

OS	Version	Architecture	Package	Version	Filename
Debian	7	sparc	python-dulwich	< 0.8.5-2+deb7u2	python-dulwich_0.8.5-2+deb7u2_sparc.deb
Debian	8	mipsel	python-dulwich	< 0.9.7-3	python-dulwich_0.9.7-3_mipsel.deb
Debian	8	arm64	python-dulwich	< 0.9.7-3	python-dulwich_0.9.7-3_arm64.deb
Debian	7	s390	python-dulwich-dbg	< 0.8.5-2+deb7u2	python-dulwich-dbg_0.8.5-2+deb7u2_s390.deb
Debian	7	mipsel	python-dulwich-dbg	< 0.8.5-2+deb7u2	python-dulwich-dbg_0.8.5-2+deb7u2_mipsel.deb
Debian	7	mips	python-dulwich-dbg	< 0.8.5-2+deb7u2	python-dulwich-dbg_0.8.5-2+deb7u2_mips.deb
Debian	8	mipsel	python-dulwich-dbg	< 0.9.7-3	python-dulwich-dbg_0.9.7-3_mipsel.deb
Debian	8	powerpc	python-dulwich-dbg	< 0.9.7-3	python-dulwich-dbg_0.9.7-3_powerpc.deb
Debian	7	s390x	python-dulwich	< 0.8.5-2+deb7u2	python-dulwich_0.8.5-2+deb7u2_s390x.deb
Debian	8	mips	python-dulwich	< 0.9.7-3	python-dulwich_0.9.7-3_mips.deb