git-2.11.0-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10099-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z git-2.11.0-1.1 on GA media These are all security issues fixed in the git-2.11.0-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10099 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2011-2186/ SUSE CVE CVE-2011-2186 page https://www.suse.com/security/cve/CVE-2014-9390/ SUSE CVE CVE-2014-9390 page https://www.suse.com/security/cve/CVE-2016-2315/ SUSE CVE CVE-2016-2315 page https://www.suse.com/security/cve/CVE-2016-2324/ SUSE CVE CVE-2016-2324 page openSUSE Tumbleweed git-2.11.0-1.1 git-arch-2.11.0-1.1 git-core-2.11.0-1.1 git-credential-gnome-keyring-2.11.0-1.1 git-cvs-2.11.0-1.1 git-daemon-2.11.0-1.1 git-doc-2.11.0-1.1 git-email-2.11.0-1.1 git-gui-2.11.0-1.1 git-svn-2.11.0-1.1 git-web-2.11.0-1.1 gitk-2.11.0-1.1 git-2.11.0-1.1 as a component of openSUSE Tumbleweed git-arch-2.11.0-1.1 as a component of openSUSE Tumbleweed git-core-2.11.0-1.1 as a component of openSUSE Tumbleweed git-credential-gnome-keyring-2.11.0-1.1 as a component of openSUSE Tumbleweed git-cvs-2.11.0-1.1 as a component of openSUSE Tumbleweed git-daemon-2.11.0-1.1 as a component of openSUSE Tumbleweed git-doc-2.11.0-1.1 as a component of openSUSE Tumbleweed git-email-2.11.0-1.1 as a component of openSUSE Tumbleweed git-gui-2.11.0-1.1 as a component of openSUSE Tumbleweed git-svn-2.11.0-1.1 as a component of openSUSE Tumbleweed git-web-2.11.0-1.1 as a component of openSUSE Tumbleweed gitk-2.11.0-1.1 as a component of openSUSE Tumbleweed ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. CVE-2011-2186 openSUSE Tumbleweed:git-2.11.0-1.1 openSUSE Tumbleweed:git-arch-2.11.0-1.1 openSUSE Tumbleweed:git-core-2.11.0-1.1 openSUSE Tumbleweed:git-credential-gnome-keyring-2.11.0-1.1 openSUSE Tumbleweed:git-cvs-2.11.0-1.1 openSUSE Tumbleweed:git-daemon-2.11.0-1.1 openSUSE Tumbleweed:git-doc-2.11.0-1.1 openSUSE Tumbleweed:git-email-2.11.0-1.1 openSUSE Tumbleweed:git-gui-2.11.0-1.1 openSUSE Tumbleweed:git-svn-2.11.0-1.1 openSUSE Tumbleweed:git-web-2.11.0-1.1 openSUSE Tumbleweed:gitk-2.11.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-2186.html CVE-2011-2186 https://bugzilla.suse.com/698456 SUSE Bug 698456 Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem. CVE-2014-9390 openSUSE Tumbleweed:git-2.11.0-1.1 openSUSE Tumbleweed:git-arch-2.11.0-1.1 openSUSE Tumbleweed:git-core-2.11.0-1.1 openSUSE Tumbleweed:git-credential-gnome-keyring-2.11.0-1.1 openSUSE Tumbleweed:git-cvs-2.11.0-1.1 openSUSE Tumbleweed:git-daemon-2.11.0-1.1 openSUSE Tumbleweed:git-doc-2.11.0-1.1 openSUSE Tumbleweed:git-email-2.11.0-1.1 openSUSE Tumbleweed:git-gui-2.11.0-1.1 openSUSE Tumbleweed:git-svn-2.11.0-1.1 openSUSE Tumbleweed:git-web-2.11.0-1.1 openSUSE Tumbleweed:gitk-2.11.0-1.1 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-9390.html CVE-2014-9390 https://bugzilla.suse.com/910756 SUSE Bug 910756 https://bugzilla.suse.com/925040 SUSE Bug 925040 revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow. CVE-2016-2315 openSUSE Tumbleweed:git-2.11.0-1.1 openSUSE Tumbleweed:git-arch-2.11.0-1.1 openSUSE Tumbleweed:git-core-2.11.0-1.1 openSUSE Tumbleweed:git-credential-gnome-keyring-2.11.0-1.1 openSUSE Tumbleweed:git-cvs-2.11.0-1.1 openSUSE Tumbleweed:git-daemon-2.11.0-1.1 openSUSE Tumbleweed:git-doc-2.11.0-1.1 openSUSE Tumbleweed:git-email-2.11.0-1.1 openSUSE Tumbleweed:git-gui-2.11.0-1.1 openSUSE Tumbleweed:git-svn-2.11.0-1.1 openSUSE Tumbleweed:git-web-2.11.0-1.1 openSUSE Tumbleweed:gitk-2.11.0-1.1 moderate 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-2315.html CVE-2016-2315 https://bugzilla.suse.com/971328 SUSE Bug 971328 Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow. CVE-2016-2324 openSUSE Tumbleweed:git-2.11.0-1.1 openSUSE Tumbleweed:git-arch-2.11.0-1.1 openSUSE Tumbleweed:git-core-2.11.0-1.1 openSUSE Tumbleweed:git-credential-gnome-keyring-2.11.0-1.1 openSUSE Tumbleweed:git-cvs-2.11.0-1.1 openSUSE Tumbleweed:git-daemon-2.11.0-1.1 openSUSE Tumbleweed:git-doc-2.11.0-1.1 openSUSE Tumbleweed:git-email-2.11.0-1.1 openSUSE Tumbleweed:git-gui-2.11.0-1.1 openSUSE Tumbleweed:git-svn-2.11.0-1.1 openSUSE Tumbleweed:git-web-2.11.0-1.1 openSUSE Tumbleweed:gitk-2.11.0-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-2324.html CVE-2016-2324 https://bugzilla.suse.com/971328 SUSE Bug 971328