An update for git is now available for openEuler-20.03-LTS-SP1
Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2021-1210
Final
1.0
1.0
2021-06-07
Initial
2021-06-07
2021-06-07
openEuler SA Tool V1.0
2021-06-07
git security update
An update for git is now available for openEuler-20.03-LTS-SP1.
Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency.
Git is easy to learn and has a tiny footprint with lightning fast performance. It outclasses SCM tools like Subversion, CVS, Perforce, and ClearCase with features like cheap local branching, convenient staging areas, and multiple workflows.
Security Fix(es):
Cygwin Git is a patch set for the git command line tool for the cygwin environment. A specially crafted repository that contains symbolic links as well as files with backslash characters in the file name may cause just-checked out code to be executed while checking out a repository using Git on Cygwin. The problem will be patched in the Cygwin Git v2.31.1-2 release. At time of writing, the vulnerability is present in the upstream Git source code; any Cygwin user who compiles Git for themselves from upstream sources should manually apply a patch to mitigate the vulnerability. As mitigation users should not clone or pull from repositories from untrusted sources. CVE-2019-1354 was an equivalent vulnerability in Git for Visual Studio.(CVE-2021-29468)
An update for git is now available for openEuler-20.03-LTS-SP1.
openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
High
git
https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1210
https://openeuler.org/en/security/cve/detail.html?id=CVE-2021-29468
https://nvd.nist.gov/vuln/detail/CVE-2021-29468
openEuler-20.03-LTS-SP1
git-debuginfo-2.27.0-4.oe1.aarch64.rpm
git-debugsource-2.27.0-4.oe1.aarch64.rpm
git-daemon-2.27.0-4.oe1.aarch64.rpm
git-2.27.0-4.oe1.aarch64.rpm
perl-Git-SVN-2.27.0-4.oe1.noarch.rpm
git-svn-2.27.0-4.oe1.noarch.rpm
git-help-2.27.0-4.oe1.noarch.rpm
perl-Git-2.27.0-4.oe1.noarch.rpm
git-gui-2.27.0-4.oe1.noarch.rpm
git-web-2.27.0-4.oe1.noarch.rpm
gitk-2.27.0-4.oe1.noarch.rpm
git-email-2.27.0-4.oe1.noarch.rpm
git-2.27.0-4.oe1.src.rpm
git-2.27.0-4.oe1.x86_64.rpm
git-daemon-2.27.0-4.oe1.x86_64.rpm
git-debuginfo-2.27.0-4.oe1.x86_64.rpm
git-debugsource-2.27.0-4.oe1.x86_64.rpm
Cygwin Git is a patch set for the git command line tool for the cygwin environment. A specially crafted repository that contains symbolic links as well as files with backslash characters in the file name may cause just-checked out code to be executed while checking out a repository using Git on Cygwin. The problem will be patched in the Cygwin Git v2.31.1-2 release. At time of writing, the vulnerability is present in the upstream Git source code; any Cygwin user who compiles Git for themselves from upstream sources should manually apply a patch to mitigate the vulnerability. As mitigation users should not clone or pull from repositories from untrusted sources. CVE-2019-1354 was an equivalent vulnerability in Git for Visual Studio.
2021-06-07
CVE-2021-29468
openEuler-20.03-LTS-SP1
High
8.8
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
git security update
2021-06-07
https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1210