Synopsis: Moderate: git security and bug fix update Advisory ID: SLSA-2017:2004-1 Issue Date: 2017-08-01 CVE Numbers: CVE-2014-9938 CVE-2017-8386 -- Security Fix(es): * It was found that the git-prompt.sh script shipped with git failed to correctly handle branch names containing special characters. A specially crafted git repository could use this flaw to execute arbitrary commands if a user working with the repository configured their shell to include repository information in the prompt. (CVE-2014-9938) * A flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote, authenticated attacker could use this flaw to bypass git-shell restrictions, to view and manipulate files, by abusing the instance of the less command launched using crafted command-line options. (CVE-2017-8386) -- SL7 x86_64 git-1.8.3.1-11.el7.x86_64.rpm git-daemon-1.8.3.1-11.el7.x86_64.rpm git-debuginfo-1.8.3.1-11.el7.x86_64.rpm git-svn-1.8.3.1-11.el7.x86_64.rpm noarch emacs-git-1.8.3.1-11.el7.noarch.rpm emacs-git-el-1.8.3.1-11.el7.noarch.rpm git-all-1.8.3.1-11.el7.noarch.rpm git-bzr-1.8.3.1-11.el7.noarch.rpm git-cvs-1.8.3.1-11.el7.noarch.rpm git-email-1.8.3.1-11.el7.noarch.rpm git-gui-1.8.3.1-11.el7.noarch.rpm git-hg-1.8.3.1-11.el7.noarch.rpm git-p4-1.8.3.1-11.el7.noarch.rpm gitk-1.8.3.1-11.el7.noarch.rpm gitweb-1.8.3.1-11.el7.noarch.rpm perl-Git-1.8.3.1-11.el7.noarch.rpm perl-Git-SVN-1.8.3.1-11.el7.noarch.rpm - Scientific Linux Development Team