mirrors/git-annex
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

got a CVE number

Browse source
This commit is contained in:
Joey Hess 2018-06-18 17:56:18 -04:00
parent e00b3ab3d5
commit c81b879d39
No known key found for this signature in database
GPG key ID: DB12DB0FF05F8F38
3 changed files with 7 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

2
doc/bugs/security_hole_private_data_exposure_via_addurl.mdwn
View file

@ -1,3 +1,5 @@
CVE-2018-10857
This is a security hole that allows exposure of
private data in files located outside the git-annex repository.

8
doc/security/private_data_exposure.mdwn → doc/security/CVE-2018-10857.mdwn
View file

@ -1,7 +1,7 @@
Some uses of git-annex were vulnerable to a private data exposure and
exfiltration attack. It could expose the content of files located
outside the git-annex repository, or content from a private
web server on localhost or the LAN.
CVE-2018-10857: Some uses of git-annex were vulnerable to a private data
exposure and exfiltration attack. It could expose the content of files
located outside the git-annex repository, or content from a private web
server on localhost or the LAN.
This was fixed in git-annex 6.20180622.