Subject: | |
From: | |
Reply To: | |
Date: | Mon, 4 Mar 2013 16:58:34 -0600 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Synopsis: Moderate: git security update
Issue Date: 2013-03-04
CVE Numbers: CVE-2013-0308
--
It was discovered that Git's git-imap-send command, a tool to send a
collection of patches from standard input (stdin) to an IMAP folder, did
not properly perform SSL X.509 v3 certificate validation on the IMAP
server's certificate, as it did not ensure that the server's hostname
matched the one provided in the CN field of the server's certificate. A
rogue server could use this flaw to conduct man-in-the-middle attacks,
possibly leading to the disclosure of sensitive information.
(CVE-2013-0308)
--
SL6
x86_64
git-1.7.1-3.el6_4.1.x86_64.rpm
git-daemon-1.7.1-3.el6_4.1.x86_64.rpm
git-debuginfo-1.7.1-3.el6_4.1.x86_64.rpm
i386
git-1.7.1-3.el6_4.1.i686.rpm
git-daemon-1.7.1-3.el6_4.1.i686.rpm
git-debuginfo-1.7.1-3.el6_4.1.i686.rpm
noarch
emacs-git-1.7.1-3.el6_4.1.noarch.rpm
emacs-git-el-1.7.1-3.el6_4.1.noarch.rpm
git-all-1.7.1-3.el6_4.1.noarch.rpm
git-cvs-1.7.1-3.el6_4.1.noarch.rpm
git-email-1.7.1-3.el6_4.1.noarch.rpm
git-gui-1.7.1-3.el6_4.1.noarch.rpm
git-svn-1.7.1-3.el6_4.1.noarch.rpm
gitk-1.7.1-3.el6_4.1.noarch.rpm
gitweb-1.7.1-3.el6_4.1.noarch.rpm
perl-Git-1.7.1-3.el6_4.1.noarch.rpm
The following packages were added for dependency resolution
SL6
x86_64
minizip-1.2.3-29.el6.i686.rpm
minizip-1.2.3-29.el6.x86_64.rpm
minizip-devel-1.2.3-29.el6.i686.rpm
minizip-devel-1.2.3-29.el6.x86_64.rpm
i386
minizip-1.2.3-29.el6.i686.rpm
minizip-devel-1.2.3-29.el6.i686.rpm
- Scientific Linux Development Team
|
|
|