Debian Security Advisory DSA-3206-1 [email protected]
http://www.debian.org/security/ Salvatore Bonaccorso
March 28, 2015 http://www.debian.org/security/faq
Package : dulwich
CVE ID : CVE-2014-9706 CVE-2015-0838
Debian Bug : 780958 780989
Multiple vulnerabilities have been discovered in Dulwich, a Python
implementation of the file formats and protocols used by the Git version
control system. The Common Vulnerabilities and Exposures project
identifies the following problems:
CVE-2014-9706
It was discovered that Dulwich allows writing to files under .git/
when checking out working trees. This could lead to the execution of
arbitrary code with the privileges of the user running an
application based on Dulwich.
CVE-2015-0838
Ivan Fratric of the Google Security Team has found a buffer
overflow in the C implementation of the apply_delta() function,
used when accessing Git objects in pack files. An attacker could
take advantage of this flaw to cause the execution of arbitrary
code with the privileges of the user running a Git server or client
based on Dulwich.
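An added illustration for CVE-2015-0838, not Dulwich's code and not the patch shipped in the fixed packages: a bounds-checked applier for the Git pack delta format in C. The advisory does not say which check was missing, so the example validates every read and copy against the delta length, the base object and the declared target size; `safe_apply_delta` and its helpers are hypothetical names.

```c
#include <stdint.h>
#include <string.h>
/* Read a base-128 size header; returns 0 if it is truncated or too wide. */
static int read_size(const uint8_t *d, size_t n, size_t *pos, size_t *out) {
    *out = 0;
    for (unsigned shift = 0; *pos < n && shift + 7 <= 8 * sizeof *out; shift += 7) {
        *out |= (size_t)(d[*pos] & 0x7f) << shift;
        if (!(d[(*pos)++] & 0x80)) return 1;
    }
    return 0;
}

/* Read the little-endian operand bytes selected by the low nbits of mask. */
static int read_operand(const uint8_t *d, size_t n, size_t *pos,
                        unsigned mask, int nbits, size_t *out) {
    *out = 0;
    for (int i = 0; i < nbits; i++) {
        if (!(mask & (1u << i))) continue;
        if (*pos >= n) return 0;              /* operand byte missing */
        *out |= (size_t)d[(*pos)++] << (8 * i);
    }
    return 1;
}

/* Returns the number of bytes written to out, or -1 if the delta is malformed. */
long safe_apply_delta(const uint8_t *src, size_t src_len, const uint8_t *delta,
                      size_t n, uint8_t *out, size_t out_cap) {
    size_t pos = 0, src_size, dst_size, done = 0, off, len;
    if (!read_size(delta, n, &pos, &src_size) || src_size != src_len) return -1;
    if (!read_size(delta, n, &pos, &dst_size) || dst_size > out_cap) return -1;
    while (pos < n) {
        uint8_t cmd = delta[pos++];
        const uint8_t *from = delta + pos;    /* insert: literals follow the opcode */
        if (cmd & 0x80) {                     /* copy a range of the base object */
            if (!read_operand(delta, n, &pos, cmd, 4, &off)) return -1;
            if (!read_operand(delta, n, &pos, cmd >> 4, 3, &len)) return -1;
            if (len == 0) len = 0x10000;
            if (off > src_len || len > src_len - off) return -1;
            from = src + off;
        } else if (cmd) {
            len = cmd;
            if (len > n - pos) return -1;     /* literal run is truncated */
            pos += len;
        } else return -1;                     /* opcode 0 is reserved */
        if (len > dst_size - done) return -1; /* would overrun the declared target */
        memcpy(out + done, from, len);
        done += len;
    }
    return done == dst_size ? (long)done : -1;
}
```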
For the stable distribution (wheezy), these problems have been fixed in
version 0.8.5-2+deb7u2.
For the upcoming stable distribution (jessie), these problems have been
fixed in version 0.9.7-3.
For the unstable distribution (sid), these problems have been fixed in
version 0.10.1-1.
We recommend that you upgrade your dulwich packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: [email protected]

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Debian | 8 | powerpc | python-dulwich | < 0.9.7-3 | python-dulwich_0.9.7-3_powerpc.deb |
Debian | 7 | mips | python-dulwich-dbg | < 0.8.5-2+deb7u2 | python-dulwich-dbg_0.8.5-2+deb7u2_mips.deb |
Debian | 7 | all | dulwich | < 0.8.5-2+deb7u2 | dulwich_0.8.5-2+deb7u2_all.deb |
Debian | 8 | kfreebsd-amd64 | python-dulwich | < 0.9.7-3 | python-dulwich_0.9.7-3_kfreebsd-amd64.deb |
Debian | 7 | s390x | python-dulwich-dbg | < 0.8.5-2+deb7u2 | python-dulwich-dbg_0.8.5-2+deb7u2_s390x.deb |
Debian | 8 | i386 | python-dulwich-dbg | < 0.9.7-3 | python-dulwich-dbg_0.9.7-3_i386.deb |
Debian | 7 | i386 | python-dulwich-dbg | < 0.8.5-2+deb7u2 | python-dulwich-dbg_0.8.5-2+deb7u2_i386.deb |
Debian | 7 | s390 | python-dulwich | < 0.8.5-2+deb7u2 | python-dulwich_0.8.5-2+deb7u2_s390.deb |
Debian | 7 | powerpc | python-dulwich | < 0.8.5-2+deb7u2 | python-dulwich_0.8.5-2+deb7u2_powerpc.deb |
Debian | 8 | mips | python-dulwich | < 0.9.7-3 | python-dulwich_0.9.7-3_mips.deb |