Univention Bugzilla – Bug 37395
git: Multiple issues (3.2)
Last modified: 2019-04-11 19:24:18 CEST
If git is used on a filesystem that is case-insensitive (i.e. NTFS, VFAT or HFS) and if the user is tricked into cloning or accessing a malformed repository, this could lead to an attacker overwriting the .git/config file, resulting in the execution of arbitrary commands (CVE-2014-9390). Such filesystems are uncommon in UCS, so low impact.
* "int" is the wrong data type for ... nlen assignment (CVE-2016-2315)
* integer overflow due to a loop which adds more to "len" (CVE-2016-2324)
UCS 3.2 is out of maintenance and this package is not covered in any of the extended security scenarios.