Synopsis: Moderate: git security update Issue Date: 2013-03-04 CVE Numbers: CVE-2013-0308 -- It was discovered that Git's git-imap-send command, a tool to send a collection of patches from standard input (stdin) to an IMAP folder, did not properly perform SSL X.509 v3 certificate validation on the IMAP server's certificate, as it did not ensure that the server's hostname matched the one provided in the CN field of the server's certificate. A rogue server could use this flaw to conduct man-in-the-middle attacks, possibly leading to the disclosure of sensitive information. (CVE-2013-0308) -- SL6 x86_64 git-1.7.1-3.el6_4.1.x86_64.rpm git-daemon-1.7.1-3.el6_4.1.x86_64.rpm git-debuginfo-1.7.1-3.el6_4.1.x86_64.rpm i386 git-1.7.1-3.el6_4.1.i686.rpm git-daemon-1.7.1-3.el6_4.1.i686.rpm git-debuginfo-1.7.1-3.el6_4.1.i686.rpm noarch emacs-git-1.7.1-3.el6_4.1.noarch.rpm emacs-git-el-1.7.1-3.el6_4.1.noarch.rpm git-all-1.7.1-3.el6_4.1.noarch.rpm git-cvs-1.7.1-3.el6_4.1.noarch.rpm git-email-1.7.1-3.el6_4.1.noarch.rpm git-gui-1.7.1-3.el6_4.1.noarch.rpm git-svn-1.7.1-3.el6_4.1.noarch.rpm gitk-1.7.1-3.el6_4.1.noarch.rpm gitweb-1.7.1-3.el6_4.1.noarch.rpm perl-Git-1.7.1-3.el6_4.1.noarch.rpm The following packages were added for dependency resolution SL6 x86_64 minizip-1.2.3-29.el6.i686.rpm minizip-1.2.3-29.el6.x86_64.rpm minizip-devel-1.2.3-29.el6.i686.rpm minizip-devel-1.2.3-29.el6.x86_64.rpm i386 minizip-1.2.3-29.el6.i686.rpm minizip-devel-1.2.3-29.el6.i686.rpm - Scientific Linux Development Team