Debian: DSA-4010-1: git-annex security update
It was discovered that git-annex, a tool to manage files with git without checking their contents in, did not correctly handle maliciously constructed ssh:// URLs. This allowed an attacker to run an arbitrary shell command.
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4010-1
https://www.debian.org/security/
Sebastien Delafond
October 30, 2017
https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : git-annex
CVE ID : CVE-2017-12976
Debian Bug : 873088

It was discovered that git-annex, a tool to manage files with git without checking their contents in, did not correctly handle maliciously constructed ssh:// URLs. This allowed an attacker to run an arbitrary shell command.

For the oldstable distribution (jessie), this problem has been fixed in version 5.20141125+deb8u1.

For the stable distribution (stretch), this problem has been fixed in version 6.20170101-1+deb9u1.

We recommend that you upgrade your git-annex packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/