CVE-2008-5516
Published: 20 January 2009
The web interface in git (gitweb) 1.5.x before 1.5.5 allows remote attackers to execute arbitrary commands via shell metacharacters related to git_search.
Priority
Status
Package | Release | Status |
---|---|---|
git-core Launchpad, Ubuntu, Debian |
upstream |
Released
(1.5.6.6)
|
dapper |
Not vulnerable
(no gitweb)
|
|
gutsy |
Released
(1:1.5.2.5-2ubuntu0.1)
|
|
hardy |
Released
(1:1.5.4.3-1ubuntu2.1)
|
|
intrepid |
Not vulnerable
(1:1.5.6.3-1.1ubuntu2)
|
|
Patches: upstream: http://repo.or.cz/w/git.git?a=commitdiff;h=c582abae |