FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-01-30 04:04:33 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
d2c6173f-e43b-11ed-a1d7-002590f2a714	git -- Multiple vulnerabilities git developers reports: This update includes 2 security fixes: CVE-2023-25652: By feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch) CVE-2023-29007: A specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can used to exploit a bug that can be used to inject arbitrary configuration into user's git config. This can result in arbitrary execution of code, by inserting values for core.pager, core.editor and so on Discovery 2023-04-25 Entry 2023-04-26 git < 2.40.1 git-lite < 2.40.1 git-tiny < 2.40.1 CVE-2023-25652 https://github.com/git/git/security/advisories/GHSA-2hvf-7c8p-28fx CVE-2023-29007 https://github.com/git/git/security/advisories/GHSA-v48j-4xgg-4844
3445e4b6-d2b8-11ef-9ff3-43c2b5d6c4c8	git -- multiple vulnerabilities Git development team reports: CVE-2024-50349: Printing unsanitized URLs when asking for credentials made the user susceptible to crafted URLs (e.g. in recursive clones) that mislead the user into typing in passwords for trusted sites that would then be sent to untrusted sites instead. CVE-2024-52006: Git may pass on Carriage Returns via the credential protocol to credential helpers which use line-reading functions that interpret said Carriage Returns as line endings, even though Git did not intend that. Discovery 2024-10-29 Entry 2025-01-14 git git-cvs git-gui git-p4 git-svn < 2.48.1 CVE-2024-50349 https://github.com/git/git/security/advisories/GHSA-hmg8-h7qf-7cxr CVE-2024-52006 https://github.com/git/git/security/advisories/GHSA-r5ph-xg7q-xfrp

VuXML ID

Description

d2c6173f-e43b-11ed-a1d7-002590f2a714

git -- Multiple vulnerabilities

git developers reports:

This update includes 2 security fixes:

CVE-2023-25652: By feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch)

CVE-2023-29007: A specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can used to exploit a bug that can be used to inject arbitrary configuration into user's git config. This can result in arbitrary execution of code, by inserting values for core.pager, core.editor and so on

Discovery 2023-04-25
Entry 2023-04-26
git

< 2.40.1

git-lite

< 2.40.1

git-tiny

< 2.40.1

CVE-2023-25652
https://github.com/git/git/security/advisories/GHSA-2hvf-7c8p-28fx
CVE-2023-29007
https://github.com/git/git/security/advisories/GHSA-v48j-4xgg-4844

3445e4b6-d2b8-11ef-9ff3-43c2b5d6c4c8

git -- multiple vulnerabilities

Git development team reports:

CVE-2024-50349: Printing unsanitized URLs when asking for credentials made the user susceptible to crafted URLs (e.g. in recursive clones) that mislead the user into typing in passwords for trusted sites that would then be sent to untrusted sites instead.

CVE-2024-52006: Git may pass on Carriage Returns via the credential protocol to credential helpers which use line-reading functions that interpret said Carriage Returns as line endings, even though Git did not intend that.

Discovery 2024-10-29
Entry 2025-01-14
git
git-cvs
git-gui
git-p4
git-svn

< 2.48.1

CVE-2024-50349
https://github.com/git/git/security/advisories/GHSA-hmg8-h7qf-7cxr
CVE-2024-52006
https://github.com/git/git/security/advisories/GHSA-r5ph-xg7q-xfrp