Описание
Security update for git
This update for git fixes the following issues:
- CVE-2021-40330: Fixed unexpected cross-protocol requests via newline character in git_connect_git repository path (bsc#1189992).
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.2
git-2.26.2-lp152.2.12.1
git-arch-2.26.2-lp152.2.12.1
git-core-2.26.2-lp152.2.12.1
git-credential-gnome-keyring-2.26.2-lp152.2.12.1
git-credential-libsecret-2.26.2-lp152.2.12.1
git-cvs-2.26.2-lp152.2.12.1
git-daemon-2.26.2-lp152.2.12.1
git-doc-2.26.2-lp152.2.12.1
git-email-2.26.2-lp152.2.12.1
git-gui-2.26.2-lp152.2.12.1
git-p4-2.26.2-lp152.2.12.1
git-svn-2.26.2-lp152.2.12.1
git-web-2.26.2-lp152.2.12.1
gitk-2.26.2-lp152.2.12.1
Ссылки
- E-Mail link for openSUSE-SU-2021:1345-1
- SUSE Security Ratings
- SUSE Bug 1189992
- SUSE CVE CVE-2021-40330 page
Описание
git_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring.
Затронутые продукты
openSUSE Leap 15.2:git-2.26.2-lp152.2.12.1
openSUSE Leap 15.2:git-arch-2.26.2-lp152.2.12.1
openSUSE Leap 15.2:git-core-2.26.2-lp152.2.12.1
openSUSE Leap 15.2:git-credential-gnome-keyring-2.26.2-lp152.2.12.1
Ссылки
- CVE-2021-40330
- SUSE Bug 1189992