Updated git packages fix security vulnerability
Publication date: 07 Nov 2017Modification date: 07 Nov 2017
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-14867
Description
The `git` subcommand `cvsserver` is a Perl script which makes excessive use of the backtick operator to invoke `git`. Unfortunately user input is used within some of those invocations, which can be a OS Command Injection vulnerability (CVE-2017-14867).
References
SRPMS
6/core
- git-2.13.6-1.mga6