CVE-2011-1572

Published: 4 October 2011

Directory traversal vulnerability in the Admin Defined Commands (ADC) feature in gitolite before 1.5.9.1 allows remote attackers to execute arbitrary commands via .. (dot dot) sequences in admin-defined commands.

Priority

Status

Package	Release	Status
gitolite Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Does not exist
	maverick	Ignored (end of life)
	natty	Ignored (end of life)
	oneiric	Not vulnerable (2.0.3-2)
	precise	Not vulnerable (2.0.3-2)
	quantal	Not vulnerable (2.0.3-2)
	upstream	Released (1.5.9.1)
	Patches: upstream: https://github.com/sitaramc/gitolite/commit/4ce00aef84d1ff7c35f7adbbb99a6241cfda00cc

References

http://www.debian.org/security/2011/dsa-2215
https://www.cve.org/CVERecord?id=CVE-2011-1572
NVD
Launchpad
Debian

Bugs

https://bugzilla.redhat.com/show_bug.cgi?id=695568

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›