Overview

File _patchinfo of Package patchinfo.7316

<patchinfo incident="7316">
  <issue id="2017-14867" tracker="cve"></issue>
  <issue id="1061041" tracker="bnc">VUL-0: CVE-2017-14867: git: cvsserver command injection</issue>
  <category>security</category>
  <rating>moderate</rating>
  <packager>AndreasStieger</packager>
  <description>This update for git to version 2.13.6 fixes the following issues:

* CVE-2017-14867: Various Perl scripts did not use safe_pipe_capture() instead of backticks, leaving them susceptible to end-user input (boo#1061041)

As an additional measure, "git cvsserver" no longer is invoked by "git daemon" by default.
</description>
  <summary>Security update for git</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places