It was discovered that gitweb, the web interface for the Git version
control system, contained several vulnerabilities:

- Remote attackers could use crafted requests to execute shell commands on
  the web server, using the snapshot generation and pickaxe search
  functionality (CVE-2008-5916).
- Local users with write access to the configuration of a Git repository
  served by gitweb could cause gitweb to execute arbitrary shell commands
  with the permission of the web server (CVE-2008-5516, CVE-2008-5517).

For the stable distribution (etch), these problems have been fixed in
version 1.4.4.4-4+etch1.

For the unstable distribution (sid) and testing distribution (lenny),
the remote shell command injection issue (CVE-2008-5516) has been fixed
in version 1.5.6-1. The other issue will be fixed soon.

We recommend that you upgrade your Git packages.

| CPE | Name | Operator | Version |
|---|---|---|---|
| | git-core | eq | 1:1.4.4.4-2 |
| | git-core | eq | 1:1.4.4.4-2.1+etch1 |
| | git-core | eq | 1:1.4.4.4-3 |
| | git-core | eq | 1:1.4.4.4-4 |