Lucene search
GoogleOSV:DSA-3206-1HistoryMar 28, 2015 - 12:00 a.m.
dulwich - security update
2015-03-2800:00:00
Google
osv.dev
4
0.164 Low
EPSS
Percentile
96.0%
Multiple vulnerabilities have been discovered in Dulwich, a Python
implementation of the file formats and protocols used by the Git version
control system. The Common Vulnerabilities and Exposures project
identifies the following problems:
- CVE-2014-9706
It was discovered that Dulwich allows writing to files under .git/
when checking out working trees. This could lead to the execution of
arbitrary code with the privileges of the user running an
application based on Dulwich. - CVE-2015-0838
Ivan Fratric of the Google Security Team has found a buffer
overflow in the C implementation of the apply_delta() function,
used when accessing Git objects in pack files. An attacker could
take advantage of this flaw to cause the execution of arbitrary
code with the privileges of the user running a Git server or client
based on Dulwich.
For the stable distribution (wheezy), these problems have been fixed in
version 0.8.5-2+deb7u2.
For the upcoming stable distribution (jessie), these problems have been
fixed in version 0.9.7-3.
For the unstable distribution (sid), these problems have been fixed in
version 0.10.1-1.
We recommend that you upgrade your dulwich packages.
| CPE | Name | Operator | Version |
|---|---|---|---|
| dulwich | eq | 0.8.5-2 | |
| dulwich | eq | 0.8.5-2+deb7u1 |
References
Related
debian
debian
[SECURITY] [DSA 3206-1] dulwich security update
2015-03-28 13:22:01
[SECURITY] [DSA 3206-1] dulwich security update
2015-03-28 13:22:01
[SECURITY] [DLA 231-1] dulwich security update
2015-05-27 19:07:07
openvas
openvas
Debian: Security Advisory (DSA-3206-1)
2015-03-27 00:00:00
Debian Security Advisory DSA 3206-1 (dulwich - security update)
2015-03-28 00:00:00
Mageia: Security Advisory (MGASA-2015-0157)
2022-01-28 00:00:00
securityvulns
securityvulns
dulwich security vulnerabilities
2015-04-19 00:00:00
[SECURITY] [DSA 3206-1] dulwich security update
2015-04-19 00:00:00
nessus
nessus
Debian DSA-3206-1 : dulwich - security update
2015-03-30 00:00:00
Fedora 20 : python-dulwich-0.10.0-1.fc20 (2015-4534)
2015-04-13 00:00:00
Fedora 22 : python-dulwich-0.10.0-1.fc22 (2015-4639)
2015-04-22 00:00:00
mageia
mageia
Updated python-dulwich packages fix security vulnerabilities
2015-04-15 20:22:53
fedora
fedora
[SECURITY] Fedora 22 Update: python-dulwich-0.10.0-1.fc22
2015-04-21 18:52:56
[SECURITY] Fedora 21 Update: python-dulwich-0.10.0-1.fc21
2015-04-10 07:28:15
[SECURITY] Fedora 20 Update: python-dulwich-0.10.0-1.fc20
2015-04-10 07:31:45
github
github
Dulwich Arbitrary code execution via commit with directory path starting with .git
2022-05-17 04:14:03
Dulwich Buffer Overflow when handling pack files
2022-05-17 04:14:09
debiancve
debiancve
CVE-2014-9706
2015-03-31 14:59:04
CVE-2015-0838
2015-03-31 14:59:08
cvelist
cvelist
CVE-2014-9706
2015-03-31 14:00:00
CVE-2015-0838
2015-03-31 14:00:00
nvd
nvd
CVE-2014-9706
2015-03-31 14:59:04
CVE-2015-0838
2015-03-31 14:59:08
prion
prion
Design/Logic Flaw
2015-03-31 14:59:00
Buffer overflow
2015-03-31 14:59:00
ubuntucve
ubuntucve
CVE-2014-9706
2015-03-31 00:00:00
CVE-2015-0838
2015-03-31 00:00:00
osv
osv
PYSEC-2015-34
2015-03-31 14:59:00
PYSEC-2015-35
2015-03-31 14:59:00
Dulwich Buffer Overflow when handling pack files
2022-05-17 04:14:09
cve
cve
CVE-2014-9706
2015-03-31 14:59:04
CVE-2015-0838
2015-03-31 14:59:08
freebsd
freebsd
Dulwich -- Remote code execution
2015-01-07 00:00:00