FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
67765237-8470-11ea-a283-b42e99a1b9c3malicious URLs can cause git to send a stored credential to wrong server

git security advisory reports:

Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that are considered illegal as of the recently published Git versions can cause Git to send a "blank" pattern to helpers, missing hostname and protocol fields. Many helpers will interpret this as matching any URL, and will return some unspecified stored password, leaking the password to an attacker's server.


Discovery 2020-04-20
Entry 2020-04-22
git
ge 2.26.0 lt 2.26.2

ge 2.25.0 lt 2.25.4

ge 2.24.0 lt 2.24.3

ge 2.23.0 lt 2.23.3

ge 2.22.0 lt 2.22.4

ge 2.21.0 lt 2.21.3

ge 2.20.0 lt 2.20.4

ge 2.19.0 lt 2.19.5

ge 2.18.0 lt 2.18.4

ge 0 lt 2.17.5

git-lite
ge 2.26.0 lt 2.26.2

ge 2.25.0 lt 2.25.4

ge 2.24.0 lt 2.24.3

ge 2.23.0 lt 2.23.3

ge 2.22.0 lt 2.22.4

ge 2.21.0 lt 2.21.3

ge 2.20.0 lt 2.20.4

ge 2.19.0 lt 2.19.5

ge 2.18.0 lt 2.18.4

ge 0 lt 2.17.5

git-gui
ge 2.26.0 lt 2.26.2

ge 2.25.0 lt 2.25.4

ge 2.24.0 lt 2.24.3

ge 2.23.0 lt 2.23.3

ge 2.22.0 lt 2.22.4

ge 2.21.0 lt 2.21.3

ge 2.20.0 lt 2.20.4

ge 2.19.0 lt 2.19.5

ge 2.18.0 lt 2.18.4

ge 0 lt 2.17.5

https://github.com/git/git/security/advisories/GHSA-hjc9-x69f-jqj7
CVE-2020-11008
7f645ee5-7681-11e5-8519-005056ac623eGit -- Execute arbitrary code

Git release notes:

Some protocols (like git-remote-ext) can execute arbitrary code found in the URL. The URLs that submodules use may come from arbitrary sources (e.g., .gitmodules files in a remote repository), and can hurt those who blindly enable recursive fetch. Restrict the allowed protocols to well known and safe ones.


Discovery 2015-09-23
Entry 2015-10-19
Modified 2015-12-12
git
lt 2.6.1

git-gui
lt 2.6.1

git-lite
lt 2.6.1

git-subversion
lt 2.6.1

CVE-2015-7545
https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.6.1.txt
http://www.openwall.com/lists/oss-security/2015/12/11/7
ced2d47e-8469-11ea-a283-b42e99a1b9c3malicious URLs may present credentials to wrong server

git security advisory reports:

Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that contain an encoded newline can inject unintended values into the credential helper protocol stream, causing the credential helper to retrieve the password for one server for an HTTP request being made to another server, resulting in credentials for the former being sent to the latter.


Discovery 2020-04-14
Entry 2020-04-22
git
ge 2.26.0 lt 2.26.1

ge 2.25.0 lt 2.25.3

ge 2.24.0 lt 2.24.2

ge 2.23.0 lt 2.23.2

ge 2.22.0 lt 2.22.3

ge 2.21.0 lt 2.21.2

ge 2.20.0 lt 2.20.3

ge 2.19.0 lt 2.19.4

ge 2.18.0 lt 2.18.3

ge 0 lt 2.17.4

git-lite
ge 2.26.0 lt 2.26.1

ge 2.25.0 lt 2.25.3

ge 2.24.0 lt 2.24.2

ge 2.23.0 lt 2.23.2

ge 2.22.0 lt 2.22.3

ge 2.21.0 lt 2.21.2

ge 2.20.0 lt 2.20.3

ge 2.19.0 lt 2.19.4

ge 2.18.0 lt 2.18.3

ge 0 lt 2.17.4

git-gui
ge 2.26.0 lt 2.26.1

ge 2.25.0 lt 2.25.3

ge 2.24.0 lt 2.24.2

ge 2.23.0 lt 2.23.2

ge 2.22.0 lt 2.22.3

ge 2.21.0 lt 2.21.2

ge 2.20.0 lt 2.20.3

ge 2.19.0 lt 2.19.4

ge 2.18.0 lt 2.18.3

ge 0 lt 2.17.4

https://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q
CVE-2020-5260
d2a84feb-ebe0-11e5-92ce-002590263bf5git -- integer overflow

Debian reports:

integer overflow due to a loop which adds more to "len".


Discovery 2016-02-24
Entry 2016-03-18
git
lt 2.4.11

ge 2.5.0 lt 2.5.5

ge 2.6.0 lt 2.6.6

ge 2.7.0 lt 2.7.4

git-gui
lt 2.4.11

ge 2.5.0 lt 2.5.5

ge 2.6.0 lt 2.6.6

ge 2.7.0 lt 2.7.4

git-lite
lt 2.4.11

ge 2.5.0 lt 2.5.5

ge 2.6.0 lt 2.6.6

ge 2.7.0 lt 2.7.4

git-subversion
lt 2.4.11

ge 2.5.0 lt 2.5.5

ge 2.6.0 lt 2.6.6

ge 2.7.0 lt 2.7.4

CVE-2016-2324
https://security-tracker.debian.org/tracker/CVE-2016-2324
https://github.com/git/git/commit/9831e92bfa833ee9c0ce464bbc2f941ae6c2698d