CVE-2015-0838

Published: 31 March 2015

Buffer overflow in the C implementation of the apply_delta function in _pack.c in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a crafted pack file.

Priority

Medium

Status

Package Release Status
dulwich
Launchpad, Ubuntu, Debian
Upstream
Released (0.9.9)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(0.10.1-1)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(0.10.1-1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was needed)
Patches:
Upstream: https://git.samba.org/?p=jelmer/dulwich.git;a=commit;h=b25e8390074060ea2aed25cf070b8e98b85a3875