Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2008-5517

The web interface in git (gitweb) 1.5.x before 1.5.6 allows remote attackers to execute arbitrary commands via shell metacharacters related to (1) git_snapshot and (2) git_object.

Related bugs and status

CVE-2008-5517 (Candidate) is related to these bugs:

Bug #317052: gitweb multiple remote command injections (CVE-2008-5516 CVE-2008-5517)

		In	Importance	Status
317052	gitweb multiple remote command injections (CVE-2008-5516 CVE-2008-5517)	gitweb (Ubuntu)	Undecided	Fix Released
317052	gitweb multiple remote command injections (CVE-2008-5516 CVE-2008-5517)	git (CentOS)	Critical	Fix Released
317052	gitweb multiple remote command injections (CVE-2008-5516 CVE-2008-5517)	gitweb (Ubuntu Hardy)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://www.securityfoc...
MISC: http://www.securityfoc...
MISC: http://secunia.com/adv...
MISC: http://secunia.com/adv...
MISC: http://www.vupen.com/e...
MISC: http://www.debian.org/...
MISC: http://www.gentoo.org/...
MISC: https://bugzilla.redha...
MISC: http://lists.opensuse....
MISC: http://www.ubuntu.com/...
MISC: http://www.openwall.co...
MISC: http://www.openwall.co...
MISC: http://www.openwall.co...
MISC: http://bugs.debian.org...
MISC: http://repo.or.cz/w/gi...
MISC: http://wiki.rpath.com/...
MISC: https://issues.rpath.c...