Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2019-1353
Vulnerability from cvelistv5
Published
2020-01-24 21:14
Modified
2024-08-04 18:13
Severity ?
EPSS score ?
Summary
An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as "WSL") while accessing a working directory on a regular Windows drive, none of the NTFS protections were active.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft Corporation | Git |
Version: Before 2.24.1, 2.23.1, 2.22.2, 2.21.1, 2.20.2, 2.19.3, 2.18.2, 2.17.3, 2.16.6, 2.15.4, 2.14.6 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T18:13:30.473Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lore.kernel.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/T/#u", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://public-inbox.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/", }, { name: "openSUSE-SU-2020:0123", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html", }, { name: "GLSA-202003-30", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202003-30", }, { name: "openSUSE-SU-2020:0598", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Git", vendor: "Microsoft Corporation", versions: [ { status: "affected", version: "Before 2.24.1, 2.23.1, 2.22.2, 2.21.1, 2.20.2, 2.19.3, 2.18.2, 2.17.3, 2.16.6, 2.15.4, 2.14.6", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as \"WSL\") while accessing a working directory on a regular Windows drive, none of the NTFS protections were active.", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-05-01T23:06:10", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://lore.kernel.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/T/#u", }, { tags: [ "x_refsource_MISC", ], url: "https://public-inbox.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/", }, { name: "openSUSE-SU-2020:0123", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html", }, { name: "GLSA-202003-30", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202003-30", }, { name: "openSUSE-SU-2020:0598", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2019-1353", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Git", version: { version_data: [ { version_value: "Before 2.24.1, 2.23.1, 2.22.2, 2.21.1, 2.20.2, 2.19.3, 2.18.2, 2.17.3, 2.16.6, 2.15.4, 2.14.6", }, ], }, }, ], }, vendor_name: "Microsoft Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as \"WSL\") while accessing a working directory on a regular Windows drive, none of the NTFS protections were active.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote Code Execution", }, ], }, ], }, references: { reference_data: [ { name: "https://lore.kernel.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/T/#u", refsource: "MISC", url: "https://lore.kernel.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/T/#u", }, { name: "https://public-inbox.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/", refsource: "MISC", url: "https://public-inbox.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/", }, { name: "openSUSE-SU-2020:0123", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html", }, { name: "GLSA-202003-30", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202003-30", }, { name: "openSUSE-SU-2020:0598", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2019-1353", datePublished: "2020-01-24T21:14:21", dateReserved: "2018-11-26T00:00:00", dateUpdated: "2024-08-04T18:13:30.473Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { fkie_nvd: { configurations: "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.14.0\", \"versionEndExcluding\": \"2.14.6\", \"matchCriteriaId\": \"CD0FE176-63B7-4176-8319-80CD3D7C524E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.15.0\", \"versionEndExcluding\": \"2.15.4\", \"matchCriteriaId\": \"7FA79B4D-1A29-4520-ACF7-BBD5B2696ABA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.16.0\", \"versionEndExcluding\": \"2.16.6\", \"matchCriteriaId\": \"DB018182-B15F-47BC-85FA-6847BB37844A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.17.0\", \"versionEndExcluding\": \"2.17.3\", \"matchCriteriaId\": \"19CF821B-9ECC-4F6C-B0BC-7361370776C5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.18.0\", \"versionEndExcluding\": \"2.18.2\", \"matchCriteriaId\": \"84278A89-0D1B-4CFD-9B31-68D8D7327E65\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.19.0\", \"versionEndExcluding\": \"2.19.3\", \"matchCriteriaId\": \"7B4FA857-692C-4C00-A170-1F31E6D9563E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.20.0\", \"versionEndExcluding\": \"2.20.2\", \"matchCriteriaId\": \"BD4C8899-C9E7-4DFC-BE17-D5D67B9B5FFB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.21.0\", \"versionEndExcluding\": \"2.21.1\", \"matchCriteriaId\": \"4392299F-8DFB-4ADF-BAA8-4415D459E8EE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.22.0\", \"versionEndExcluding\": \"2.22.2\", \"matchCriteriaId\": \"025C10E9-40A6-408C-AE2C-5FC55E788775\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.23.0\", \"versionEndExcluding\": \"2.23.1\", \"matchCriteriaId\": \"C9073ABE-276B-4301-B39C-B9BB6C1AA681\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.24.0\", \"versionEndExcluding\": \"2.24.1\", \"matchCriteriaId\": \"B6D58347-1CE3-4AEA-9617-2F46CCBE167E\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]}]", descriptions: "[{\"lang\": \"en\", \"value\": \"An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as \\\"WSL\\\") while accessing a working directory on a regular Windows drive, none of the NTFS protections were active.\"}, {\"lang\": \"es\", \"value\": \"El controlador IEC870IP para Vijeo Citect y Citect SCADA de AVENA y Power SCADA Operation de Schneider Electric, presenta una vulnerabilidad de desbordamiento de b\\u00fafer que podr\\u00eda resultar en un bloqueo del lado del servidor.\"}]", id: "CVE-2019-1353", lastModified: "2024-11-21T04:36:32.663", metrics: "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}", published: "2020-01-24T22:15:19.253", references: "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://lore.kernel.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/T/#u\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://public-inbox.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://security.gentoo.org/glsa/202003-30\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lore.kernel.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/T/#u\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://public-inbox.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.gentoo.org/glsa/202003-30\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]", sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]", }, nvd: "{\"cve\":{\"id\":\"CVE-2019-1353\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2020-01-24T22:15:19.253\",\"lastModified\":\"2024-11-21T04:36:32.663\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as \\\"WSL\\\") while accessing a working directory on a regular Windows drive, none of the NTFS protections were active.\"},{\"lang\":\"es\",\"value\":\"El controlador IEC870IP para Vijeo Citect y Citect SCADA de AVENA y Power SCADA Operation de Schneider Electric, presenta una vulnerabilidad de desbordamiento de búfer que podría resultar en un bloqueo del lado del servidor.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.14.0\",\"versionEndExcluding\":\"2.14.6\",\"matchCriteriaId\":\"CD0FE176-63B7-4176-8319-80CD3D7C524E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.15.0\",\"versionEndExcluding\":\"2.15.4\",\"matchCriteriaId\":\"7FA79B4D-1A29-4520-ACF7-BBD5B2696ABA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.16.0\",\"versionEndExcluding\":\"2.16.6\",\"matchCriteriaId\":\"DB018182-B15F-47BC-85FA-6847BB37844A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.17.0\",\"versionEndExcluding\":\"2.17.3\",\"matchCriteriaId\":\"19CF821B-9ECC-4F6C-B0BC-7361370776C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.18.0\",\"versionEndExcluding\":\"2.18.2\",\"matchCriteriaId\":\"84278A89-0D1B-4CFD-9B31-68D8D7327E65\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.19.0\",\"versionEndExcluding\":\"2.19.3\",\"matchCriteriaId\":\"7B4FA857-692C-4C00-A170-1F31E6D9563E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.20.0\",\"versionEndExcluding\":\"2.20.2\",\"matchCriteriaId\":\"BD4C8899-C9E7-4DFC-BE17-D5D67B9B5FFB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.21.0\",\"versionEndExcluding\":\"2.21.1\",\"matchCriteriaId\":\"4392299F-8DFB-4ADF-BAA8-4415D459E8EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.22.0\",\"versionEndExcluding\":\"2.22.2\",\"matchCriteriaId\":\"025C10E9-40A6-408C-AE2C-5FC55E788775\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.23.0\",\"versionEndExcluding\":\"2.23.1\",\"matchCriteriaId\":\"C9073ABE-276B-4301-B39C-B9BB6C1AA681\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.24.0\",\"versionEndExcluding\":\"2.24.1\",\"matchCriteriaId\":\"B6D58347-1CE3-4AEA-9617-2F46CCBE167E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://lore.kernel.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/T/#u\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://public-inbox.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://security.gentoo.org/glsa/202003-30\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lore.kernel.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/T/#u\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://public-inbox.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202003-30\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}", }, }
opensuse-su-2024:10943-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
libgit2-1_1-1.1.1-1.2 on GA media
Notes
Title of the patch
libgit2-1_1-1.1.1-1.2 on GA media
Description of the patch
These are all security issues fixed in the libgit2-1_1-1.1.1-1.2 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-10943
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "libgit2-1_1-1.1.1-1.2 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the libgit2-1_1-1.1.1-1.2 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-10943", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10943-1.json", }, { category: "self", summary: "SUSE CVE CVE-2005-4900 page", url: "https://www.suse.com/security/cve/CVE-2005-4900/", }, { category: "self", summary: "SUSE CVE CVE-2016-10128 page", url: "https://www.suse.com/security/cve/CVE-2016-10128/", }, { category: "self", summary: "SUSE CVE CVE-2016-10130 page", url: "https://www.suse.com/security/cve/CVE-2016-10130/", }, { category: "self", summary: "SUSE CVE CVE-2018-10887 page", url: "https://www.suse.com/security/cve/CVE-2018-10887/", }, { category: "self", summary: "SUSE CVE CVE-2018-11235 page", url: "https://www.suse.com/security/cve/CVE-2018-11235/", }, { category: "self", summary: "SUSE CVE CVE-2018-17456 page", url: "https://www.suse.com/security/cve/CVE-2018-17456/", }, { category: "self", summary: "SUSE CVE CVE-2018-8098 page", url: "https://www.suse.com/security/cve/CVE-2018-8098/", }, { category: "self", summary: "SUSE CVE CVE-2019-1348 page", url: "https://www.suse.com/security/cve/CVE-2019-1348/", }, { category: "self", summary: "SUSE CVE CVE-2019-1349 page", url: "https://www.suse.com/security/cve/CVE-2019-1349/", }, { category: "self", summary: "SUSE CVE CVE-2019-1350 page", url: "https://www.suse.com/security/cve/CVE-2019-1350/", }, { category: "self", summary: "SUSE CVE CVE-2019-1351 page", url: "https://www.suse.com/security/cve/CVE-2019-1351/", }, { category: "self", summary: "SUSE CVE CVE-2019-1352 page", url: "https://www.suse.com/security/cve/CVE-2019-1352/", }, { category: "self", summary: "SUSE CVE CVE-2019-1353 page", url: "https://www.suse.com/security/cve/CVE-2019-1353/", }, { category: "self", summary: "SUSE CVE CVE-2019-1354 page", url: "https://www.suse.com/security/cve/CVE-2019-1354/", }, { category: "self", summary: "SUSE CVE CVE-2019-1387 page", url: "https://www.suse.com/security/cve/CVE-2019-1387/", }, ], title: "libgit2-1_1-1.1.1-1.2 on GA media", tracking: { current_release_date: "2024-06-15T00:00:00Z", generator: { date: "2024-06-15T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:10943-1", initial_release_date: "2024-06-15T00:00:00Z", revision_history: [ { date: "2024-06-15T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "libgit2-1_1-1.1.1-1.2.aarch64", product: { name: "libgit2-1_1-1.1.1-1.2.aarch64", product_id: "libgit2-1_1-1.1.1-1.2.aarch64", }, }, { category: "product_version", name: "libgit2-1_1-32bit-1.1.1-1.2.aarch64", product: { name: "libgit2-1_1-32bit-1.1.1-1.2.aarch64", product_id: "libgit2-1_1-32bit-1.1.1-1.2.aarch64", }, }, { category: "product_version", name: "libgit2-devel-1.1.1-1.2.aarch64", product: { name: "libgit2-devel-1.1.1-1.2.aarch64", product_id: "libgit2-devel-1.1.1-1.2.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "libgit2-1_1-1.1.1-1.2.ppc64le", product: { name: "libgit2-1_1-1.1.1-1.2.ppc64le", product_id: "libgit2-1_1-1.1.1-1.2.ppc64le", }, }, { category: "product_version", name: "libgit2-1_1-32bit-1.1.1-1.2.ppc64le", product: { name: "libgit2-1_1-32bit-1.1.1-1.2.ppc64le", product_id: "libgit2-1_1-32bit-1.1.1-1.2.ppc64le", }, }, { category: "product_version", name: "libgit2-devel-1.1.1-1.2.ppc64le", product: { name: "libgit2-devel-1.1.1-1.2.ppc64le", product_id: "libgit2-devel-1.1.1-1.2.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "libgit2-1_1-1.1.1-1.2.s390x", product: { name: "libgit2-1_1-1.1.1-1.2.s390x", product_id: "libgit2-1_1-1.1.1-1.2.s390x", }, }, { category: "product_version", name: "libgit2-1_1-32bit-1.1.1-1.2.s390x", product: { name: "libgit2-1_1-32bit-1.1.1-1.2.s390x", product_id: "libgit2-1_1-32bit-1.1.1-1.2.s390x", }, }, { category: "product_version", name: "libgit2-devel-1.1.1-1.2.s390x", product: { name: "libgit2-devel-1.1.1-1.2.s390x", product_id: "libgit2-devel-1.1.1-1.2.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "libgit2-1_1-1.1.1-1.2.x86_64", product: { name: "libgit2-1_1-1.1.1-1.2.x86_64", product_id: "libgit2-1_1-1.1.1-1.2.x86_64", }, }, { category: "product_version", name: "libgit2-1_1-32bit-1.1.1-1.2.x86_64", product: { name: "libgit2-1_1-32bit-1.1.1-1.2.x86_64", product_id: "libgit2-1_1-32bit-1.1.1-1.2.x86_64", }, }, { category: "product_version", name: "libgit2-devel-1.1.1-1.2.x86_64", product: { name: "libgit2-devel-1.1.1-1.2.x86_64", product_id: "libgit2-devel-1.1.1-1.2.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libgit2-1_1-1.1.1-1.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.aarch64", }, product_reference: "libgit2-1_1-1.1.1-1.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libgit2-1_1-1.1.1-1.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.ppc64le", }, product_reference: "libgit2-1_1-1.1.1-1.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libgit2-1_1-1.1.1-1.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.s390x", }, product_reference: "libgit2-1_1-1.1.1-1.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libgit2-1_1-1.1.1-1.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.x86_64", }, product_reference: "libgit2-1_1-1.1.1-1.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libgit2-1_1-32bit-1.1.1-1.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.aarch64", }, product_reference: "libgit2-1_1-32bit-1.1.1-1.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libgit2-1_1-32bit-1.1.1-1.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.ppc64le", }, product_reference: "libgit2-1_1-32bit-1.1.1-1.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libgit2-1_1-32bit-1.1.1-1.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.s390x", }, product_reference: "libgit2-1_1-32bit-1.1.1-1.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libgit2-1_1-32bit-1.1.1-1.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.x86_64", }, product_reference: "libgit2-1_1-32bit-1.1.1-1.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libgit2-devel-1.1.1-1.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.aarch64", }, product_reference: "libgit2-devel-1.1.1-1.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libgit2-devel-1.1.1-1.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.ppc64le", }, product_reference: "libgit2-devel-1.1.1-1.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libgit2-devel-1.1.1-1.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.s390x", }, product_reference: "libgit2-devel-1.1.1-1.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libgit2-devel-1.1.1-1.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.x86_64", }, product_reference: "libgit2-devel-1.1.1-1.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2005-4900", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2005-4900", }, ], notes: [ { category: "general", text: "SHA-1 is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of SHA-1 in TLS 1.2. NOTE: this CVE exists to provide a common identifier for referencing this SHA-1 issue; the existence of an identifier is not, by itself, a technology recommendation.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2005-4900", url: "https://www.suse.com/security/cve/CVE-2005-4900", }, { category: "external", summary: "SUSE Bug 1026646 for CVE-2005-4900", url: "https://bugzilla.suse.com/1026646", }, { category: "external", summary: "SUSE Bug 1026936 for CVE-2005-4900", url: "https://bugzilla.suse.com/1026936", }, { category: "external", summary: "SUSE Bug 1042640 for CVE-2005-4900", url: "https://bugzilla.suse.com/1042640", }, { category: "external", summary: "SUSE Bug 1150998 for CVE-2005-4900", url: "https://bugzilla.suse.com/1150998", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2005-4900", }, { cve: "CVE-2016-10128", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-10128", }, ], notes: [ { category: "general", text: "Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspecified impact via a crafted non-flush packet.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-10128", url: "https://www.suse.com/security/cve/CVE-2016-10128", }, { category: "external", summary: "SUSE Bug 1019036 for CVE-2016-10128", url: "https://bugzilla.suse.com/1019036", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-10128", }, { cve: "CVE-2016-10130", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-10130", }, ], notes: [ { category: "general", text: "The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-10130", url: "https://www.suse.com/security/cve/CVE-2016-10130", }, { category: "external", summary: "SUSE Bug 1019037 for CVE-2016-10130", url: "https://bugzilla.suse.com/1019037", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-10130", }, { cve: "CVE-2018-10887", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-10887", }, ], notes: [ { category: "general", text: "A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An attacker may use this flaw to leak memory addresses or cause a Denial of Service.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-10887", url: "https://www.suse.com/security/cve/CVE-2018-10887", }, { category: "external", summary: "SUSE Bug 1100613 for CVE-2018-10887", url: "https://bugzilla.suse.com/1100613", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-10887", }, { cve: "CVE-2018-11235", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-11235", }, ], notes: [ { category: "general", text: "In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs \"git clone --recurse-submodules\" because submodule \"names\" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with \"../\" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-11235", url: "https://www.suse.com/security/cve/CVE-2018-11235", }, { category: "external", summary: "SUSE Bug 1095219 for CVE-2018-11235", url: "https://bugzilla.suse.com/1095219", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2018-11235", }, { cve: "CVE-2018-17456", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-17456", }, ], notes: [ { category: "general", text: "Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive \"git clone\" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-17456", url: "https://www.suse.com/security/cve/CVE-2018-17456", }, { category: "external", summary: "SUSE Bug 1110949 for CVE-2018-17456", url: "https://bugzilla.suse.com/1110949", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2018-17456", }, { cve: "CVE-2018-8098", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-8098", }, ], notes: [ { category: "general", text: "Integer overflow in the index.c:read_entry() function while decompressing a compressed prefix length in libgit2 before v0.26.2 allows an attacker to cause a denial of service (out-of-bounds read) via a crafted repository index file.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-8098", url: "https://www.suse.com/security/cve/CVE-2018-8098", }, { category: "external", summary: "SUSE Bug 1085256 for CVE-2018-8098", url: "https://bugzilla.suse.com/1085256", }, { category: "external", summary: "SUSE Bug 1085257 for CVE-2018-8098", url: "https://bugzilla.suse.com/1085257", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-8098", }, { cve: "CVE-2019-1348", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-1348", }, ], notes: [ { category: "general", text: "An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-1348", url: "https://www.suse.com/security/cve/CVE-2019-1348", }, { category: "external", summary: "SUSE Bug 1158785 for CVE-2019-1348", url: "https://bugzilla.suse.com/1158785", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2019-1348", }, { cve: "CVE-2019-1349", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-1349", }, ], notes: [ { category: "general", text: "A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1350, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-1349", url: "https://www.suse.com/security/cve/CVE-2019-1349", }, { category: "external", summary: "SUSE Bug 1158785 for CVE-2019-1349", url: "https://bugzilla.suse.com/1158785", }, { category: "external", summary: "SUSE Bug 1158787 for CVE-2019-1349", url: "https://bugzilla.suse.com/1158787", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2019-1349", }, { cve: "CVE-2019-1350", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-1350", }, ], notes: [ { category: "general", text: "A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-1350", url: "https://www.suse.com/security/cve/CVE-2019-1350", }, { category: "external", summary: "SUSE Bug 1158785 for CVE-2019-1350", url: "https://bugzilla.suse.com/1158785", }, { category: "external", summary: "SUSE Bug 1158788 for CVE-2019-1350", url: "https://bugzilla.suse.com/1158788", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2019-1350", }, { cve: "CVE-2019-1351", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-1351", }, ], notes: [ { category: "general", text: "A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths, aka 'Git for Visual Studio Tampering Vulnerability'.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-1351", url: "https://www.suse.com/security/cve/CVE-2019-1351", }, { category: "external", summary: "SUSE Bug 1158785 for CVE-2019-1351", url: "https://bugzilla.suse.com/1158785", }, { category: "external", summary: "SUSE Bug 1158789 for CVE-2019-1351", url: "https://bugzilla.suse.com/1158789", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2019-1351", }, { cve: "CVE-2019-1352", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-1352", }, ], notes: [ { category: "general", text: "A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1354, CVE-2019-1387.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-1352", url: "https://www.suse.com/security/cve/CVE-2019-1352", }, { category: "external", summary: "SUSE Bug 1158785 for CVE-2019-1352", url: "https://bugzilla.suse.com/1158785", }, { category: "external", summary: "SUSE Bug 1158787 for CVE-2019-1352", url: "https://bugzilla.suse.com/1158787", }, { category: "external", summary: "SUSE Bug 1158790 for CVE-2019-1352", url: "https://bugzilla.suse.com/1158790", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2019-1352", }, { cve: "CVE-2019-1353", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-1353", }, ], notes: [ { category: "general", text: "An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as \"WSL\") while accessing a working directory on a regular Windows drive, none of the NTFS protections were active.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-1353", url: "https://www.suse.com/security/cve/CVE-2019-1353", }, { category: "external", summary: "SUSE Bug 1158785 for CVE-2019-1353", url: "https://bugzilla.suse.com/1158785", }, { category: "external", summary: "SUSE Bug 1158791 for CVE-2019-1353", url: "https://bugzilla.suse.com/1158791", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2019-1353", }, { cve: "CVE-2019-1354", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-1354", }, ], notes: [ { category: "general", text: "A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1352, CVE-2019-1387.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-1354", url: "https://www.suse.com/security/cve/CVE-2019-1354", }, { category: "external", summary: "SUSE Bug 1158785 for CVE-2019-1354", url: "https://bugzilla.suse.com/1158785", }, { category: "external", summary: "SUSE Bug 1158792 for CVE-2019-1354", url: "https://bugzilla.suse.com/1158792", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 0, baseSeverity: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2019-1354", }, { cve: "CVE-2019-1387", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-1387", }, ], notes: [ { category: "general", text: "An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-1387", url: "https://www.suse.com/security/cve/CVE-2019-1387", }, { category: "external", summary: "SUSE Bug 1158785 for CVE-2019-1387", url: "https://bugzilla.suse.com/1158785", }, { category: "external", summary: "SUSE Bug 1158793 for CVE-2019-1387", url: "https://bugzilla.suse.com/1158793", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-1_1-32bit-1.1.1-1.2.x86_64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.aarch64", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.ppc64le", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.s390x", "openSUSE Tumbleweed:libgit2-devel-1.1.1-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2019-1387", }, ], }
opensuse-su-2020:0598-1
Vulnerability from csaf_opensuse
Published
2020-05-01 18:28
Modified
2020-05-01 18:28
Summary
Security update for git
Notes
Title of the patch
Security update for git
Description of the patch
This update for git fixes the following issues:
Security issues fixed:
* CVE-2020-11008: Specially crafted URLs may have tricked the
credentials helper to providing credential information that
is not appropriate for the protocol in use and host being
contacted (bsc#1169936)
git was updated to 2.26.1 (bsc#1169786, jsc#ECO-1628, bsc#1149792)
- Fix git-daemon not starting after conversion from sysvinit to systemd service
(bsc#1169605).
* CVE-2020-5260: Specially crafted URLs with newline characters
could have been used to make the Git client to send credential
information for a wrong host to the attacker's site bsc#1168930
git 2.26.0 (bsc#1167890, jsc#SLE-11608):
* 'git rebase' now uses a different backend that is based on the
'merge' machinery by default. The 'rebase.backend' configuration
variable reverts to old behaviour when set to 'apply'
* Improved handling of sparse checkouts
* Improvements to many commands and internal features
git 2.25.2:
* bug fixes to various subcommands in specific operations
git 2.25.1:
* 'git commit' now honors advise.statusHints
* various updates, bug fixes and documentation updates
git 2.25.0
* The branch description ('git branch --edit-description') has been
used to fill the body of the cover letters by the format-patch
command; this has been enhanced so that the subject can also be
filled.
* A few commands learned to take the pathspec from the standard input
or a named file, instead of taking it as the command line
arguments, with the '--pathspec-from-file' option.
* Test updates to prepare for SHA-2 transition continues.
* Redo 'git name-rev' to avoid recursive calls.
* When all files from some subdirectory were renamed to the root
directory, the directory rename heuristics would fail to detect that
as a rename/merge of the subdirectory to the root directory, which has
been corrected.
* HTTP transport had possible allocator/deallocator mismatch, which
has been corrected.
git 2.24.1:
* CVE-2019-1348: The --export-marks option of fast-import is
exposed also via the in-stream command feature export-marks=...
and it allows overwriting arbitrary paths (bsc#1158785)
* CVE-2019-1349: on Windows, when submodules are cloned
recursively, under certain circumstances Git could be fooled
into using the same Git directory twice (bsc#1158787)
* CVE-2019-1350: Incorrect quoting of command-line arguments
allowed remote code execution during a recursive clone in
conjunction with SSH URLs (bsc#1158788)
* CVE-2019-1351: on Windows mistakes drive letters outside of
the US-English alphabet as relative paths (bsc#1158789)
* CVE-2019-1352: on Windows was unaware of NTFS Alternate Data
Streams (bsc#1158790)
* CVE-2019-1353: when run in the Windows Subsystem for Linux
while accessing a working directory on a regular Windows
drive, none of the NTFS protections were active (bsc#1158791)
* CVE-2019-1354: on Windows refuses to write tracked files with
filenames that contain backslashes (bsc#1158792)
* CVE-2019-1387: Recursive clones vulnerability that is caused
by too-lax validation of submodule names, allowing very
targeted attacks via remote code execution in recursive
clones (bsc#1158793)
* CVE-2019-19604: a recursive clone followed by a submodule
update could execute code contained within the repository
without the user explicitly having asked for that (bsc#1158795)
git 2.24.0
* The command line parser learned '--end-of-options' notation.
* A mechanism to affect the default setting for a (related) group of
configuration variables is introduced.
* 'git fetch' learned '--set-upstream' option to help those who first
clone from their private fork they intend to push to, add the true
upstream via 'git remote add' and then 'git fetch' from it.
* fixes and improvements to UI, workflow and features, bash completion fixes
git 2.23.0:
* The '--base' option of 'format-patch' computed the patch-ids for
prerequisite patches in an unstable way, which has been updated
to compute in a way that is compatible with 'git patch-id
--stable'.
* The 'git log' command by default behaves as if the --mailmap
option was given.
* fixes and improvements to UI, workflow and features
git 2.22.1
* A relative pathname given to 'git init --template=<path> <repo>'
ought to be relative to the directory 'git init' gets invoked in,
but it instead was made relative to the repository, which has been
corrected.
* 'git worktree add' used to fail when another worktree connected to
the same repository was corrupt, which has been corrected.
* 'git am -i --resolved' segfaulted after trying to see a commit as
if it were a tree, which has been corrected.
* 'git merge --squash' is designed to update the working tree and the
index without creating the commit, and this cannot be countermanded
by adding the '--commit' option; the command now refuses to work
when both options are given.
* Update to Unicode 12.1 width table.
* 'git request-pull' learned to warn when the ref we ask them to pull
from in the local repository and in the published repository are
different.
* 'git fetch' into a lazy clone forgot to fetch base objects that are
necessary to complete delta in a thin packfile, which has been
corrected.
* The URL decoding code has been updated to avoid going past the end
of the string while parsing %-<hex>-<hex> sequence.
* 'git clean' silently skipped a path when it cannot lstat() it; now
it gives a warning.
* 'git rm' to resolve a conflicted path leaked an internal message
'needs merge' before actually removing the path, which was
confusing. This has been corrected.
* Many more bugfixes and code cleanups.
- removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by
firewalld.
- partial fix for git instaweb giving 500 error (bsc#1112230)
git 2.22.0
* The filter specification '--filter=sparse:path=<path>' used to
create a lazy/partial clone has been removed. Using a blob that is
part of the project as sparse specification is still supported with
the '--filter=sparse:oid=<blob>' option
* 'git checkout --no-overlay' can be used to trigger a new mode of
checking out paths out of the tree-ish, that allows paths that
match the pathspec that are in the current index and working tree
and are not in the tree-ish.
* Four new configuration variables {author,committer}.{name,email}
have been introduced to override user.{name,email} in more specific
cases.
* 'git branch' learned a new subcommand '--show-current'.
* The command line completion (in contrib/) has been taught to
complete more subcommand parameters.
* The completion helper code now pays attention to repository-local
configuration (when available), which allows --list-cmds to honour
a repository specific setting of completion.commands, for example.
* The list of conflicted paths shown in the editor while concluding a
conflicted merge was shown above the scissors line when the
clean-up mode is set to 'scissors', even though it was commented
out just like the list of updated paths and other information to
help the user explain the merge better.
* 'git rebase' that was reimplemented in C did not set ORIG_HEAD
correctly, which has been corrected.
* 'git worktree add' used to do a 'find an available name with stat
and then mkdir', which is race-prone. This has been fixed by using
mkdir and reacting to EEXIST in a loop.
- Move to DocBook 5.x. Asciidoctor 2.x no longer supports the legacy
DocBook 4.5 format.
- update git-web AppArmor profile for bash and tar usrMerge (bsc#1132350)
git 2.21.0
* Historically, the '-m' (mainline) option can only be used for 'git
cherry-pick' and 'git revert' when working with a merge commit.
This version of Git no longer warns or errors out when working with
a single-parent commit, as long as the argument to the '-m' option
is 1 (i.e. it has only one parent, and the request is to pick or
revert relative to that first parent). Scripts that relied on the
behaviour may get broken with this change.
* Small fixes and features for fast-export and fast-import.
* The 'http.version' configuration variable can be used with recent
enough versions of cURL library to force the version of HTTP used
to talk when fetching and pushing.
* 'git push $there $src:$dst' rejects when $dst is not a fully
qualified refname and it is not clear what the end user meant.
* Update 'git multimail' from the upstream.
* A new date format '--date=human' that morphs its output depending
on how far the time is from the current time has been introduced.
'--date=auto:human' can be used to use this new format (or any
existing format) when the output is going to the pager or to the
terminal, and otherwise the default format.
- Fix worktree creation race (bsc#1114225).
- add shadow build dependency to the -daemon subpackage.
git 2.20.1:
* portability fixes
* 'git help -a' did not work well when an overly long alias was
defined
* no longer squelched an error message when the run_command API
failed to run a missing command
git 2.20.0
* 'git help -a' now gives verbose output (same as 'git help -av').
Those who want the old output may say 'git help --no-verbose -a'..
* 'git send-email' learned to grab address-looking string on any
trailer whose name ends with '-by'.
* 'git format-patch' learned new '--interdiff' and '--range-diff'
options to explain the difference between this version and the
previous attempt in the cover letter (or after the three-dashes as
a comment).
* Developer builds now use -Wunused-function compilation option.
* Fix a bug in which the same path could be registered under multiple
worktree entries if the path was missing (for instance, was removed
manually). Also, as a convenience, expand the number of cases in
which --force is applicable.
* The overly large Documentation/config.txt file have been split into
million little pieces. This potentially allows each individual piece
to be included into the manual page of the command it affects more easily.
* Malformed or crafted data in packstream can make our code attempt
to read or write past the allocated buffer and abort, instead of
reporting an error, which has been fixed.
* Fix for a long-standing bug that leaves the index file corrupt when
it shrinks during a partial commit.
* 'git merge' and 'git pull' that merges into an unborn branch used
to completely ignore '--verify-signatures', which has been
corrected.
* ...and much more features and fixes
git 2.19.2:
* various bug fixes for multiple subcommands and operations
git 2.19.1:
* CVE-2018-17456: Specially crafted .gitmodules files may have
allowed arbitrary code execution when the repository is cloned
with --recurse-submodules (bsc#1110949)
git 2.19.0:
* 'git diff' compares the index and the working tree. For paths
added with intent-to-add bit, the command shows the full contents
of them as added, but the paths themselves were not marked as new
files. They are now shown as new by default.
* 'git apply' learned the '--intent-to-add' option so that an
otherwise working-tree-only application of a patch will add new
paths to the index marked with the 'intent-to-add' bit.
* 'git grep' learned the '--column' option that gives not just the
line number but the column number of the hit.
* The '-l' option in 'git branch -l' is an unfortunate short-hand for
'--create-reflog', but many users, both old and new, somehow expect
it to be something else, perhaps '--list'. This step warns when '-l'
is used as a short-hand for '--create-reflog' and warns about the
future repurposing of the it when it is used.
* The userdiff pattern for .php has been updated.
* The content-transfer-encoding of the message 'git send-email' sends
out by default was 8bit, which can cause trouble when there is an
overlong line to bust RFC 5322/2822 limit. A new option 'auto' to
automatically switch to quoted-printable when there is such a line
in the payload has been introduced and is made the default.
* 'git checkout' and 'git worktree add' learned to honor
checkout.defaultRemote when auto-vivifying a local branch out of a
remote tracking branch in a repository with multiple remotes that
have tracking branches that share the same names.
(merge 8d7b558bae ab/checkout-default-remote later to maint).
* 'git grep' learned the '--only-matching' option.
* 'git rebase --rebase-merges' mode now handles octopus merges as
well.
* Add a server-side knob to skip commits in exponential/fibbonacci
stride in an attempt to cover wider swath of history with a smaller
number of iterations, potentially accepting a larger packfile
transfer, instead of going back one commit a time during common
ancestor discovery during the 'git fetch' transaction.
(merge 42cc7485a2 jt/fetch-negotiator-skipping later to maint).
* A new configuration variable core.usereplacerefs has been added,
primarily to help server installations that want to ignore the
replace mechanism altogether.
* Teach 'git tag -s' etc. a few configuration variables (gpg.format
that can be set to 'openpgp' or 'x509', and gpg.<format>.program
that is used to specify what program to use to deal with the format)
to allow x.509 certs with CMS via 'gpgsm' to be used instead of
openpgp via 'gnupg'.
* Many more strings are prepared for l10n.
* 'git p4 submit' learns to ask its own pre-submit hook if it should
continue with submitting.
* The test performed at the receiving end of 'git push' to prevent
bad objects from entering repository can be customized via
receive.fsck.* configuration variables; we now have gained a
counterpart to do the same on the 'git fetch' side, with
fetch.fsck.* configuration variables.
* 'git pull --rebase=interactive' learned 'i' as a short-hand for
'interactive'.
* 'git instaweb' has been adjusted to run better with newer Apache on
RedHat based distros.
* 'git range-diff' is a reimplementation of 'git tbdiff' that lets us
compare individual patches in two iterations of a topic.
* The sideband code learned to optionally paint selected keywords at
the beginning of incoming lines on the receiving end.
* 'git branch --list' learned to take the default sort order from the
'branch.sort' configuration variable, just like 'git tag --list'
pays attention to 'tag.sort'.
* 'git worktree' command learned '--quiet' option to make it less
verbose.
git 2.18.0:
* improvements to rename detection logic
* When built with more recent cURL, GIT_SSL_VERSION can now
specify 'tlsv1.3' as its value.
* 'git mergetools' learned talking to guiffy.
* various other workflow improvements and fixes
* performance improvements and other developer visible fixes
git 2.17.1
* Submodule 'names' come from the untrusted .gitmodules file, but
we blindly append them to $GIT_DIR/modules to create our on-disk
repo paths. This means you can do bad things by putting '../'
into the name. We now enforce some rules for submodule names
which will cause Git to ignore these malicious names
(CVE-2018-11235, bsc#1095219)
* It was possible to trick the code that sanity-checks paths on
NTFS into reading random piece of memory
(CVE-2018-11233, bsc#1095218)
* Support on the server side to reject pushes to repositories
that attempt to create such problematic .gitmodules file etc.
as tracked contents, to help hosting sites protect their
customers by preventing malicious contents from spreading.
git 2.17.0:
* 'diff' family of commands learned '--find-object=<object-id>' option
to limit the findings to changes that involve the named object.
* 'git format-patch' learned to give 72-cols to diffstat, which is
consistent with other line length limits the subcommand uses for
its output meant for e-mails.
* The log from 'git daemon' can be redirected with a new option; one
relevant use case is to send the log to standard error (instead of
syslog) when running it from inetd.
* 'git rebase' learned to take '--allow-empty-message' option.
* 'git am' has learned the '--quit' option, in addition to the
existing '--abort' option; having the pair mirrors a few other
commands like 'rebase' and 'cherry-pick'.
* 'git worktree add' learned to run the post-checkout hook, just like
'git clone' runs it upon the initial checkout.
* 'git tag' learned an explicit '--edit' option that allows the
message given via '-m' and '-F' to be further edited.
* 'git fetch --prune-tags' may be used as a handy short-hand for
getting rid of stale tags that are locally held.
* The new '--show-current-patch' option gives an end-user facing way
to get the diff being applied when 'git rebase' (and 'git am')
stops with a conflict.
* 'git add -p' used to offer '/' (look for a matching hunk) as a
choice, even there was only one hunk, which has been corrected.
Also the single-key help is now given only for keys that are
enabled (e.g. help for '/' won't be shown when there is only one
hunk).
* Since Git 1.7.9, 'git merge' defaulted to --no-ff (i.e. even when
the side branch being merged is a descendant of the current commit,
create a merge commit instead of fast-forwarding) when merging a
tag object. This was appropriate default for integrators who pull
signed tags from their downstream contributors, but caused an
unnecessary merges when used by downstream contributors who
habitually 'catch up' their topic branches with tagged releases
from the upstream. Update 'git merge' to default to --no-ff only
when merging a tag object that does *not* sit at its usual place in
refs/tags/ hierarchy, and allow fast-forwarding otherwise, to
mitigate the problem.
* 'git status' can spend a lot of cycles to compute the relation
between the current branch and its upstream, which can now be
disabled with '--no-ahead-behind' option.
* 'git diff' and friends learned funcname patterns for Go language
source files.
* 'git send-email' learned '--reply-to=<address>' option.
* Funcname pattern used for C# now recognizes 'async' keyword.
* In a way similar to how 'git tag' learned to honor the pager
setting only in the list mode, 'git config' learned to ignore the
pager setting when it is used for setting values (i.e. when the
purpose of the operation is not to 'show').
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames
openSUSE-2020-598
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for git", title: "Title of the patch", }, { category: "description", text: "This update for git fixes the following issues:\n\nSecurity issues fixed:\n\n* CVE-2020-11008: Specially crafted URLs may have tricked the\n credentials helper to providing credential information that\n is not appropriate for the protocol in use and host being\n contacted (bsc#1169936)\n\ngit was updated to 2.26.1 (bsc#1169786, jsc#ECO-1628, bsc#1149792)\n\n- Fix git-daemon not starting after conversion from sysvinit to systemd service\n (bsc#1169605).\n\n* CVE-2020-5260: Specially crafted URLs with newline characters\n could have been used to make the Git client to send credential\n information for a wrong host to the attacker's site bsc#1168930\n\ngit 2.26.0 (bsc#1167890, jsc#SLE-11608):\n\n* 'git rebase' now uses a different backend that is based on the\n 'merge' machinery by default. The 'rebase.backend' configuration\n variable reverts to old behaviour when set to 'apply'\n* Improved handling of sparse checkouts\n* Improvements to many commands and internal features\n\ngit 2.25.2:\n\n* bug fixes to various subcommands in specific operations\n\ngit 2.25.1:\n\n* 'git commit' now honors advise.statusHints\n* various updates, bug fixes and documentation updates\n\ngit 2.25.0\n\n* The branch description ('git branch --edit-description') has been\n used to fill the body of the cover letters by the format-patch\n command; this has been enhanced so that the subject can also be\n filled.\n* A few commands learned to take the pathspec from the standard input\n or a named file, instead of taking it as the command line\n arguments, with the '--pathspec-from-file' option.\n* Test updates to prepare for SHA-2 transition continues.\n* Redo 'git name-rev' to avoid recursive calls.\n* When all files from some subdirectory were renamed to the root\n directory, the directory rename heuristics would fail to detect that\n as a rename/merge of the subdirectory to the root directory, which has\n been corrected.\n* HTTP transport had possible allocator/deallocator mismatch, which\n has been corrected.\n\ngit 2.24.1:\n\n* CVE-2019-1348: The --export-marks option of fast-import is\n exposed also via the in-stream command feature export-marks=...\n and it allows overwriting arbitrary paths (bsc#1158785)\n* CVE-2019-1349: on Windows, when submodules are cloned\n recursively, under certain circumstances Git could be fooled\n into using the same Git directory twice (bsc#1158787)\n* CVE-2019-1350: Incorrect quoting of command-line arguments\n allowed remote code execution during a recursive clone in\n conjunction with SSH URLs (bsc#1158788)\n* CVE-2019-1351: on Windows mistakes drive letters outside of\n the US-English alphabet as relative paths (bsc#1158789)\n* CVE-2019-1352: on Windows was unaware of NTFS Alternate Data\n Streams (bsc#1158790)\n* CVE-2019-1353: when run in the Windows Subsystem for Linux\n while accessing a working directory on a regular Windows\n drive, none of the NTFS protections were active (bsc#1158791)\n* CVE-2019-1354: on Windows refuses to write tracked files with\n filenames that contain backslashes (bsc#1158792)\n* CVE-2019-1387: Recursive clones vulnerability that is caused\n by too-lax validation of submodule names, allowing very\n targeted attacks via remote code execution in recursive\n clones (bsc#1158793)\n* CVE-2019-19604: a recursive clone followed by a submodule\n update could execute code contained within the repository\n without the user explicitly having asked for that (bsc#1158795)\n\ngit 2.24.0\n\n* The command line parser learned '--end-of-options' notation.\n* A mechanism to affect the default setting for a (related) group of\n configuration variables is introduced.\n* 'git fetch' learned '--set-upstream' option to help those who first\n clone from their private fork they intend to push to, add the true\n upstream via 'git remote add' and then 'git fetch' from it.\n* fixes and improvements to UI, workflow and features, bash completion fixes\n\ngit 2.23.0:\n\n* The '--base' option of 'format-patch' computed the patch-ids for\n prerequisite patches in an unstable way, which has been updated\n to compute in a way that is compatible with 'git patch-id\n --stable'.\n* The 'git log' command by default behaves as if the --mailmap\n option was given.\n* fixes and improvements to UI, workflow and features\n\ngit 2.22.1\n\n* A relative pathname given to 'git init --template=<path> <repo>'\n ought to be relative to the directory 'git init' gets invoked in,\n but it instead was made relative to the repository, which has been\n corrected.\n* 'git worktree add' used to fail when another worktree connected to\n the same repository was corrupt, which has been corrected.\n* 'git am -i --resolved' segfaulted after trying to see a commit as\n if it were a tree, which has been corrected.\n* 'git merge --squash' is designed to update the working tree and the\n index without creating the commit, and this cannot be countermanded\n by adding the '--commit' option; the command now refuses to work\n when both options are given.\n* Update to Unicode 12.1 width table.\n* 'git request-pull' learned to warn when the ref we ask them to pull\n from in the local repository and in the published repository are\n different.\n* 'git fetch' into a lazy clone forgot to fetch base objects that are\n necessary to complete delta in a thin packfile, which has been\n corrected.\n* The URL decoding code has been updated to avoid going past the end\n of the string while parsing %-<hex>-<hex> sequence.\n* 'git clean' silently skipped a path when it cannot lstat() it; now\n it gives a warning.\n* 'git rm' to resolve a conflicted path leaked an internal message\n 'needs merge' before actually removing the path, which was\n confusing. This has been corrected.\n* Many more bugfixes and code cleanups.\n\n- removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by\n firewalld.\n\n- partial fix for git instaweb giving 500 error (bsc#1112230)\n\ngit 2.22.0 \n\n* The filter specification '--filter=sparse:path=<path>' used to\n create a lazy/partial clone has been removed. Using a blob that is\n part of the project as sparse specification is still supported with\n the '--filter=sparse:oid=<blob>' option\n* 'git checkout --no-overlay' can be used to trigger a new mode of\n checking out paths out of the tree-ish, that allows paths that\n match the pathspec that are in the current index and working tree\n and are not in the tree-ish.\n* Four new configuration variables {author,committer}.{name,email}\n have been introduced to override user.{name,email} in more specific\n cases.\n* 'git branch' learned a new subcommand '--show-current'.\n* The command line completion (in contrib/) has been taught to\n complete more subcommand parameters.\n* The completion helper code now pays attention to repository-local\n configuration (when available), which allows --list-cmds to honour\n a repository specific setting of completion.commands, for example.\n* The list of conflicted paths shown in the editor while concluding a\n conflicted merge was shown above the scissors line when the\n clean-up mode is set to 'scissors', even though it was commented\n out just like the list of updated paths and other information to\n help the user explain the merge better.\n* 'git rebase' that was reimplemented in C did not set ORIG_HEAD\n correctly, which has been corrected.\n* 'git worktree add' used to do a 'find an available name with stat\n and then mkdir', which is race-prone. This has been fixed by using\n mkdir and reacting to EEXIST in a loop. \n\n- Move to DocBook 5.x. Asciidoctor 2.x no longer supports the legacy\n DocBook 4.5 format.\n\n- update git-web AppArmor profile for bash and tar usrMerge (bsc#1132350)\n\ngit 2.21.0\n\n* Historically, the '-m' (mainline) option can only be used for 'git\n cherry-pick' and 'git revert' when working with a merge commit.\n This version of Git no longer warns or errors out when working with\n a single-parent commit, as long as the argument to the '-m' option\n is 1 (i.e. it has only one parent, and the request is to pick or\n revert relative to that first parent). Scripts that relied on the\n behaviour may get broken with this change.\n* Small fixes and features for fast-export and fast-import.\n* The 'http.version' configuration variable can be used with recent\n enough versions of cURL library to force the version of HTTP used\n to talk when fetching and pushing.\n* 'git push $there $src:$dst' rejects when $dst is not a fully\n qualified refname and it is not clear what the end user meant.\n* Update 'git multimail' from the upstream.\n* A new date format '--date=human' that morphs its output depending\n on how far the time is from the current time has been introduced.\n '--date=auto:human' can be used to use this new format (or any\n existing format) when the output is going to the pager or to the\n terminal, and otherwise the default format.\n\n- Fix worktree creation race (bsc#1114225).\n- add shadow build dependency to the -daemon subpackage.\n\n\ngit 2.20.1:\n\n* portability fixes\n* 'git help -a' did not work well when an overly long alias was\n defined\n* no longer squelched an error message when the run_command API\n failed to run a missing command\n\ngit 2.20.0\n\n* 'git help -a' now gives verbose output (same as 'git help -av').\n Those who want the old output may say 'git help --no-verbose -a'..\n* 'git send-email' learned to grab address-looking string on any\n trailer whose name ends with '-by'.\n* 'git format-patch' learned new '--interdiff' and '--range-diff'\n options to explain the difference between this version and the\n previous attempt in the cover letter (or after the three-dashes as\n a comment).\n* Developer builds now use -Wunused-function compilation option.\n* Fix a bug in which the same path could be registered under multiple\n worktree entries if the path was missing (for instance, was removed\n manually). Also, as a convenience, expand the number of cases in\n which --force is applicable.\n* The overly large Documentation/config.txt file have been split into\n million little pieces. This potentially allows each individual piece\n to be included into the manual page of the command it affects more easily.\n* Malformed or crafted data in packstream can make our code attempt\n to read or write past the allocated buffer and abort, instead of\n reporting an error, which has been fixed.\n* Fix for a long-standing bug that leaves the index file corrupt when\n it shrinks during a partial commit.\n* 'git merge' and 'git pull' that merges into an unborn branch used\n to completely ignore '--verify-signatures', which has been\n corrected.\n* ...and much more features and fixes\n\ngit 2.19.2:\n\n* various bug fixes for multiple subcommands and operations\n\ngit 2.19.1:\n\n* CVE-2018-17456: Specially crafted .gitmodules files may have\n allowed arbitrary code execution when the repository is cloned\n with --recurse-submodules (bsc#1110949)\n\ngit 2.19.0:\n\n* 'git diff' compares the index and the working tree. For paths\n added with intent-to-add bit, the command shows the full contents\n of them as added, but the paths themselves were not marked as new\n files. They are now shown as new by default.\n* 'git apply' learned the '--intent-to-add' option so that an\n otherwise working-tree-only application of a patch will add new\n paths to the index marked with the 'intent-to-add' bit.\n* 'git grep' learned the '--column' option that gives not just the\n line number but the column number of the hit.\n* The '-l' option in 'git branch -l' is an unfortunate short-hand for\n '--create-reflog', but many users, both old and new, somehow expect\n it to be something else, perhaps '--list'. This step warns when '-l'\n is used as a short-hand for '--create-reflog' and warns about the\n future repurposing of the it when it is used.\n* The userdiff pattern for .php has been updated.\n* The content-transfer-encoding of the message 'git send-email' sends\n out by default was 8bit, which can cause trouble when there is an\n overlong line to bust RFC 5322/2822 limit. A new option 'auto' to\n automatically switch to quoted-printable when there is such a line\n in the payload has been introduced and is made the default.\n* 'git checkout' and 'git worktree add' learned to honor\n checkout.defaultRemote when auto-vivifying a local branch out of a\n remote tracking branch in a repository with multiple remotes that\n have tracking branches that share the same names.\n (merge 8d7b558bae ab/checkout-default-remote later to maint).\n* 'git grep' learned the '--only-matching' option.\n* 'git rebase --rebase-merges' mode now handles octopus merges as\n well.\n* Add a server-side knob to skip commits in exponential/fibbonacci\n stride in an attempt to cover wider swath of history with a smaller\n number of iterations, potentially accepting a larger packfile\n transfer, instead of going back one commit a time during common\n ancestor discovery during the 'git fetch' transaction.\n (merge 42cc7485a2 jt/fetch-negotiator-skipping later to maint).\n* A new configuration variable core.usereplacerefs has been added,\n primarily to help server installations that want to ignore the\n replace mechanism altogether.\n* Teach 'git tag -s' etc. a few configuration variables (gpg.format\n that can be set to 'openpgp' or 'x509', and gpg.<format>.program\n that is used to specify what program to use to deal with the format)\n to allow x.509 certs with CMS via 'gpgsm' to be used instead of\n openpgp via 'gnupg'.\n* Many more strings are prepared for l10n.\n* 'git p4 submit' learns to ask its own pre-submit hook if it should\n continue with submitting.\n* The test performed at the receiving end of 'git push' to prevent\n bad objects from entering repository can be customized via\n receive.fsck.* configuration variables; we now have gained a\n counterpart to do the same on the 'git fetch' side, with\n fetch.fsck.* configuration variables.\n* 'git pull --rebase=interactive' learned 'i' as a short-hand for\n 'interactive'.\n* 'git instaweb' has been adjusted to run better with newer Apache on\n RedHat based distros.\n* 'git range-diff' is a reimplementation of 'git tbdiff' that lets us\n compare individual patches in two iterations of a topic.\n* The sideband code learned to optionally paint selected keywords at\n the beginning of incoming lines on the receiving end.\n* 'git branch --list' learned to take the default sort order from the\n 'branch.sort' configuration variable, just like 'git tag --list'\n pays attention to 'tag.sort'.\n* 'git worktree' command learned '--quiet' option to make it less\n verbose.\n\ngit 2.18.0:\n\n* improvements to rename detection logic\n* When built with more recent cURL, GIT_SSL_VERSION can now\n specify 'tlsv1.3' as its value.\n* 'git mergetools' learned talking to guiffy.\n* various other workflow improvements and fixes\n* performance improvements and other developer visible fixes\n\ngit 2.17.1\n\n* Submodule 'names' come from the untrusted .gitmodules file, but\n we blindly append them to $GIT_DIR/modules to create our on-disk\n repo paths. This means you can do bad things by putting '../'\n into the name. We now enforce some rules for submodule names\n which will cause Git to ignore these malicious names\n (CVE-2018-11235, bsc#1095219)\n* It was possible to trick the code that sanity-checks paths on\n NTFS into reading random piece of memory\n (CVE-2018-11233, bsc#1095218)\n* Support on the server side to reject pushes to repositories\n that attempt to create such problematic .gitmodules file etc.\n as tracked contents, to help hosting sites protect their\n customers by preventing malicious contents from spreading.\n\ngit 2.17.0:\n\n* 'diff' family of commands learned '--find-object=<object-id>' option\n to limit the findings to changes that involve the named object.\n* 'git format-patch' learned to give 72-cols to diffstat, which is\n consistent with other line length limits the subcommand uses for\n its output meant for e-mails.\n* The log from 'git daemon' can be redirected with a new option; one\n relevant use case is to send the log to standard error (instead of\n syslog) when running it from inetd.\n* 'git rebase' learned to take '--allow-empty-message' option.\n* 'git am' has learned the '--quit' option, in addition to the\n existing '--abort' option; having the pair mirrors a few other\n commands like 'rebase' and 'cherry-pick'.\n* 'git worktree add' learned to run the post-checkout hook, just like\n 'git clone' runs it upon the initial checkout.\n* 'git tag' learned an explicit '--edit' option that allows the\n message given via '-m' and '-F' to be further edited.\n* 'git fetch --prune-tags' may be used as a handy short-hand for\n getting rid of stale tags that are locally held.\n* The new '--show-current-patch' option gives an end-user facing way\n to get the diff being applied when 'git rebase' (and 'git am')\n stops with a conflict.\n* 'git add -p' used to offer '/' (look for a matching hunk) as a\n choice, even there was only one hunk, which has been corrected.\n Also the single-key help is now given only for keys that are\n enabled (e.g. help for '/' won't be shown when there is only one\n hunk).\n* Since Git 1.7.9, 'git merge' defaulted to --no-ff (i.e. even when\n the side branch being merged is a descendant of the current commit,\n create a merge commit instead of fast-forwarding) when merging a\n tag object. This was appropriate default for integrators who pull\n signed tags from their downstream contributors, but caused an\n unnecessary merges when used by downstream contributors who\n habitually 'catch up' their topic branches with tagged releases\n from the upstream. Update 'git merge' to default to --no-ff only\n when merging a tag object that does *not* sit at its usual place in\n refs/tags/ hierarchy, and allow fast-forwarding otherwise, to\n mitigate the problem.\n* 'git status' can spend a lot of cycles to compute the relation\n between the current branch and its upstream, which can now be\n disabled with '--no-ahead-behind' option.\n* 'git diff' and friends learned funcname patterns for Go language\n source files.\n* 'git send-email' learned '--reply-to=<address>' option.\n* Funcname pattern used for C# now recognizes 'async' keyword.\n* In a way similar to how 'git tag' learned to honor the pager\n setting only in the list mode, 'git config' learned to ignore the\n pager setting when it is used for setting values (i.e. when the\n purpose of the operation is not to 'show').\n\nThis update was imported from the SUSE:SLE-15:Update update project.", title: "Description of the patch", }, { category: "details", text: "openSUSE-2020-598", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_0598-1.json", }, { category: "self", summary: "URL for openSUSE-SU-2020:0598-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VP5YOKSRLMTVAPQKPHEDGCOIZL5JKJW5/", }, { category: "self", summary: "E-Mail link for openSUSE-SU-2020:0598-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VP5YOKSRLMTVAPQKPHEDGCOIZL5JKJW5/", }, { category: "self", summary: "SUSE Bug 1063412", url: "https://bugzilla.suse.com/1063412", }, { category: "self", summary: "SUSE Bug 1095218", url: "https://bugzilla.suse.com/1095218", }, { category: "self", summary: "SUSE Bug 1095219", url: "https://bugzilla.suse.com/1095219", }, { category: "self", summary: "SUSE Bug 1110949", url: "https://bugzilla.suse.com/1110949", }, { category: "self", summary: "SUSE Bug 1112230", url: "https://bugzilla.suse.com/1112230", }, { category: "self", summary: "SUSE Bug 1114225", url: "https://bugzilla.suse.com/1114225", }, { category: "self", summary: "SUSE Bug 1132350", url: "https://bugzilla.suse.com/1132350", }, { category: "self", summary: "SUSE Bug 1149792", url: "https://bugzilla.suse.com/1149792", }, { category: "self", summary: "SUSE Bug 1156651", url: "https://bugzilla.suse.com/1156651", }, { category: "self", summary: "SUSE Bug 1158785", url: "https://bugzilla.suse.com/1158785", }, { category: "self", summary: "SUSE Bug 1158787", url: "https://bugzilla.suse.com/1158787", }, { category: "self", summary: "SUSE Bug 1158788", url: "https://bugzilla.suse.com/1158788", }, { category: "self", summary: "SUSE Bug 1158789", url: "https://bugzilla.suse.com/1158789", }, { category: "self", summary: "SUSE Bug 1158790", url: "https://bugzilla.suse.com/1158790", }, { category: "self", summary: "SUSE Bug 1158791", url: "https://bugzilla.suse.com/1158791", }, { category: "self", summary: "SUSE Bug 1158792", url: "https://bugzilla.suse.com/1158792", }, { category: "self", summary: "SUSE Bug 1158793", url: "https://bugzilla.suse.com/1158793", }, { category: "self", summary: "SUSE Bug 1158795", url: "https://bugzilla.suse.com/1158795", }, { category: "self", summary: "SUSE Bug 1167890", url: "https://bugzilla.suse.com/1167890", }, { category: "self", summary: "SUSE Bug 1168930", url: "https://bugzilla.suse.com/1168930", }, { category: "self", summary: "SUSE Bug 1169605", url: "https://bugzilla.suse.com/1169605", }, { category: "self", summary: "SUSE Bug 1169786", url: "https://bugzilla.suse.com/1169786", }, { category: "self", summary: "SUSE Bug 1169936", url: "https://bugzilla.suse.com/1169936", }, { category: "self", summary: "SUSE CVE CVE-2017-15298 page", url: "https://www.suse.com/security/cve/CVE-2017-15298/", }, { category: "self", summary: "SUSE CVE CVE-2018-11233 page", url: "https://www.suse.com/security/cve/CVE-2018-11233/", }, { category: "self", summary: "SUSE CVE CVE-2018-11235 page", url: "https://www.suse.com/security/cve/CVE-2018-11235/", }, { category: "self", summary: "SUSE CVE CVE-2018-17456 page", url: "https://www.suse.com/security/cve/CVE-2018-17456/", }, { category: "self", summary: "SUSE CVE CVE-2019-1348 page", url: "https://www.suse.com/security/cve/CVE-2019-1348/", }, { category: "self", summary: "SUSE CVE CVE-2019-1349 page", url: "https://www.suse.com/security/cve/CVE-2019-1349/", }, { category: "self", summary: "SUSE CVE CVE-2019-1350 page", url: "https://www.suse.com/security/cve/CVE-2019-1350/", }, { category: "self", summary: "SUSE CVE CVE-2019-1351 page", url: "https://www.suse.com/security/cve/CVE-2019-1351/", }, { category: "self", summary: "SUSE CVE CVE-2019-1352 page", url: "https://www.suse.com/security/cve/CVE-2019-1352/", }, { category: "self", summary: "SUSE CVE CVE-2019-1353 page", url: "https://www.suse.com/security/cve/CVE-2019-1353/", }, { category: "self", summary: "SUSE CVE CVE-2019-1354 page", url: "https://www.suse.com/security/cve/CVE-2019-1354/", }, { category: "self", summary: "SUSE CVE CVE-2019-1387 page", url: "https://www.suse.com/security/cve/CVE-2019-1387/", }, { category: "self", summary: "SUSE CVE CVE-2019-19604 page", url: "https://www.suse.com/security/cve/CVE-2019-19604/", }, { category: "self", summary: "SUSE CVE CVE-2020-11008 page", url: "https://www.suse.com/security/cve/CVE-2020-11008/", }, { category: "self", summary: "SUSE CVE CVE-2020-5260 page", url: "https://www.suse.com/security/cve/CVE-2020-5260/", }, ], title: "Security update for git", tracking: { current_release_date: "2020-05-01T18:28:21Z", generator: { date: "2020-05-01T18:28:21Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2020:0598-1", initial_release_date: "2020-05-01T18:28:21Z", revision_history: [ { date: "2020-05-01T18:28:21Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "git-doc-2.26.1-lp151.4.9.1.noarch", product: { name: "git-doc-2.26.1-lp151.4.9.1.noarch", product_id: "git-doc-2.26.1-lp151.4.9.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "git-2.26.1-lp151.4.9.1.x86_64", product: { name: "git-2.26.1-lp151.4.9.1.x86_64", product_id: "git-2.26.1-lp151.4.9.1.x86_64", }, }, { category: "product_version", name: "git-arch-2.26.1-lp151.4.9.1.x86_64", product: { name: "git-arch-2.26.1-lp151.4.9.1.x86_64", product_id: "git-arch-2.26.1-lp151.4.9.1.x86_64", }, }, { category: "product_version", name: "git-core-2.26.1-lp151.4.9.1.x86_64", product: { name: "git-core-2.26.1-lp151.4.9.1.x86_64", product_id: "git-core-2.26.1-lp151.4.9.1.x86_64", }, }, { category: "product_version", name: "git-credential-gnome-keyring-2.26.1-lp151.4.9.1.x86_64", product: { name: "git-credential-gnome-keyring-2.26.1-lp151.4.9.1.x86_64", product_id: "git-credential-gnome-keyring-2.26.1-lp151.4.9.1.x86_64", }, }, { category: "product_version", name: "git-credential-libsecret-2.26.1-lp151.4.9.1.x86_64", product: { name: "git-credential-libsecret-2.26.1-lp151.4.9.1.x86_64", product_id: "git-credential-libsecret-2.26.1-lp151.4.9.1.x86_64", }, }, { category: "product_version", name: "git-cvs-2.26.1-lp151.4.9.1.x86_64", product: { name: "git-cvs-2.26.1-lp151.4.9.1.x86_64", product_id: "git-cvs-2.26.1-lp151.4.9.1.x86_64", }, }, { category: "product_version", name: "git-daemon-2.26.1-lp151.4.9.1.x86_64", product: { name: "git-daemon-2.26.1-lp151.4.9.1.x86_64", product_id: "git-daemon-2.26.1-lp151.4.9.1.x86_64", }, }, { category: "product_version", name: "git-email-2.26.1-lp151.4.9.1.x86_64", product: { name: "git-email-2.26.1-lp151.4.9.1.x86_64", product_id: "git-email-2.26.1-lp151.4.9.1.x86_64", }, }, { category: "product_version", name: "git-gui-2.26.1-lp151.4.9.1.x86_64", product: { name: "git-gui-2.26.1-lp151.4.9.1.x86_64", product_id: "git-gui-2.26.1-lp151.4.9.1.x86_64", }, }, { category: "product_version", name: "git-p4-2.26.1-lp151.4.9.1.x86_64", product: { name: "git-p4-2.26.1-lp151.4.9.1.x86_64", product_id: "git-p4-2.26.1-lp151.4.9.1.x86_64", }, }, { category: "product_version", name: "git-svn-2.26.1-lp151.4.9.1.x86_64", product: { name: "git-svn-2.26.1-lp151.4.9.1.x86_64", product_id: "git-svn-2.26.1-lp151.4.9.1.x86_64", }, }, { category: "product_version", name: "git-web-2.26.1-lp151.4.9.1.x86_64", product: { name: "git-web-2.26.1-lp151.4.9.1.x86_64", product_id: "git-web-2.26.1-lp151.4.9.1.x86_64", }, }, { category: "product_version", name: "gitk-2.26.1-lp151.4.9.1.x86_64", product: { name: "gitk-2.26.1-lp151.4.9.1.x86_64", product_id: "gitk-2.26.1-lp151.4.9.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Leap 15.1", product: { name: "openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.1", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "git-2.26.1-lp151.4.9.1.x86_64 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:git-2.26.1-lp151.4.9.1.x86_64", }, product_reference: "git-2.26.1-lp151.4.9.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "git-arch-2.26.1-lp151.4.9.1.x86_64 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:git-arch-2.26.1-lp151.4.9.1.x86_64", }, product_reference: "git-arch-2.26.1-lp151.4.9.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "git-core-2.26.1-lp151.4.9.1.x86_64 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:git-core-2.26.1-lp151.4.9.1.x86_64", }, product_reference: "git-core-2.26.1-lp151.4.9.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "git-credential-gnome-keyring-2.26.1-lp151.4.9.1.x86_64 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:git-credential-gnome-keyring-2.26.1-lp151.4.9.1.x86_64", }, product_reference: "git-credential-gnome-keyring-2.26.1-lp151.4.9.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "git-credential-libsecret-2.26.1-lp151.4.9.1.x86_64 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:git-credential-libsecret-2.26.1-lp151.4.9.1.x86_64", }, product_reference: "git-credential-libsecret-2.26.1-lp151.4.9.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "git-cvs-2.26.1-lp151.4.9.1.x86_64 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:git-cvs-2.26.1-lp151.4.9.1.x86_64", }, product_reference: "git-cvs-2.26.1-lp151.4.9.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "git-daemon-2.26.1-lp151.4.9.1.x86_64 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:git-daemon-2.26.1-lp151.4.9.1.x86_64", }, product_reference: "git-daemon-2.26.1-lp151.4.9.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "git-doc-2.26.1-lp151.4.9.1.noarch as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:git-doc-2.26.1-lp151.4.9.1.noarch", }, product_reference: "git-doc-2.26.1-lp151.4.9.1.noarch", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "git-email-2.26.1-lp151.4.9.1.x86_64 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:git-email-2.26.1-lp151.4.9.1.x86_64", }, product_reference: "git-email-2.26.1-lp151.4.9.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "git-gui-2.26.1-lp151.4.9.1.x86_64 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:git-gui-2.26.1-lp151.4.9.1.x86_64", }, product_reference: "git-gui-2.26.1-lp151.4.9.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "git-p4-2.26.1-lp151.4.9.1.x86_64 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:git-p4-2.26.1-lp151.4.9.1.x86_64", }, product_reference: "git-p4-2.26.1-lp151.4.9.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "git-svn-2.26.1-lp151.4.9.1.x86_64 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:git-svn-2.26.1-lp151.4.9.1.x86_64", }, product_reference: "git-svn-2.26.1-lp151.4.9.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "git-web-2.26.1-lp151.4.9.1.x86_64 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:git-web-2.26.1-lp151.4.9.1.x86_64", }, product_reference: "git-web-2.26.1-lp151.4.9.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "gitk-2.26.1-lp151.4.9.1.x86_64 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:gitk-2.26.1-lp151.4.9.1.x86_64", }, product_reference: "gitk-2.26.1-lp151.4.9.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.1", }, ], }, vulnerabilities: [ { cve: "CVE-2017-15298", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-15298", }, ], notes: [ { category: "general", text: "Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb. This can also have an impact of disk consumption; however, an affected process typically would not survive its attempt to build the data structure in memory before writing to disk.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:git-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-arch-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-core-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-doc-2.26.1-lp151.4.9.1.noarch", "openSUSE Leap 15.1:git-email-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-gui-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-p4-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-svn-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-web-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:gitk-2.26.1-lp151.4.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-15298", url: "https://www.suse.com/security/cve/CVE-2017-15298", }, { category: "external", summary: "SUSE Bug 1063412 for CVE-2017-15298", url: "https://bugzilla.suse.com/1063412", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:git-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-arch-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-core-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-doc-2.26.1-lp151.4.9.1.noarch", "openSUSE Leap 15.1:git-email-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-gui-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-p4-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-svn-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-web-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:gitk-2.26.1-lp151.4.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "openSUSE Leap 15.1:git-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-arch-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-core-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-doc-2.26.1-lp151.4.9.1.noarch", "openSUSE Leap 15.1:git-email-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-gui-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-p4-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-svn-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-web-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:gitk-2.26.1-lp151.4.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-05-01T18:28:21Z", details: "moderate", }, ], title: "CVE-2017-15298", }, { cve: "CVE-2018-11233", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-11233", }, ], notes: [ { category: "general", text: "In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:git-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-arch-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-core-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-doc-2.26.1-lp151.4.9.1.noarch", "openSUSE Leap 15.1:git-email-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-gui-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-p4-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-svn-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-web-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:gitk-2.26.1-lp151.4.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-11233", url: "https://www.suse.com/security/cve/CVE-2018-11233", }, { category: "external", summary: "SUSE Bug 1095218 for CVE-2018-11233", url: "https://bugzilla.suse.com/1095218", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:git-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-arch-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-core-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-doc-2.26.1-lp151.4.9.1.noarch", "openSUSE Leap 15.1:git-email-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-gui-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-p4-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-svn-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-web-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:gitk-2.26.1-lp151.4.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "openSUSE Leap 15.1:git-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-arch-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-core-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-doc-2.26.1-lp151.4.9.1.noarch", "openSUSE Leap 15.1:git-email-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-gui-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-p4-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-svn-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-web-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:gitk-2.26.1-lp151.4.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-05-01T18:28:21Z", details: "important", }, ], title: "CVE-2018-11233", }, { cve: "CVE-2018-11235", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-11235", }, ], notes: [ { category: "general", text: "In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs \"git clone --recurse-submodules\" because submodule \"names\" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with \"../\" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:git-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-arch-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-core-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-doc-2.26.1-lp151.4.9.1.noarch", "openSUSE Leap 15.1:git-email-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-gui-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-p4-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-svn-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-web-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:gitk-2.26.1-lp151.4.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-11235", url: "https://www.suse.com/security/cve/CVE-2018-11235", }, { category: "external", summary: "SUSE Bug 1095219 for CVE-2018-11235", url: "https://bugzilla.suse.com/1095219", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:git-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-arch-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-core-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-doc-2.26.1-lp151.4.9.1.noarch", "openSUSE Leap 15.1:git-email-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-gui-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-p4-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-svn-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-web-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:gitk-2.26.1-lp151.4.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Leap 15.1:git-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-arch-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-core-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-doc-2.26.1-lp151.4.9.1.noarch", "openSUSE Leap 15.1:git-email-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-gui-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-p4-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-svn-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-web-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:gitk-2.26.1-lp151.4.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-05-01T18:28:21Z", details: "important", }, ], title: "CVE-2018-11235", }, { cve: "CVE-2018-17456", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-17456", }, ], notes: [ { category: "general", text: "Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive \"git clone\" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:git-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-arch-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-core-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-doc-2.26.1-lp151.4.9.1.noarch", "openSUSE Leap 15.1:git-email-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-gui-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-p4-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-svn-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-web-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:gitk-2.26.1-lp151.4.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-17456", url: "https://www.suse.com/security/cve/CVE-2018-17456", }, { category: "external", summary: "SUSE Bug 1110949 for CVE-2018-17456", url: "https://bugzilla.suse.com/1110949", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:git-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-arch-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-core-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-doc-2.26.1-lp151.4.9.1.noarch", "openSUSE Leap 15.1:git-email-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-gui-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-p4-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-svn-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-web-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:gitk-2.26.1-lp151.4.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Leap 15.1:git-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-arch-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-core-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-doc-2.26.1-lp151.4.9.1.noarch", "openSUSE Leap 15.1:git-email-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-gui-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-p4-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-svn-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-web-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:gitk-2.26.1-lp151.4.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-05-01T18:28:21Z", details: "important", }, ], title: "CVE-2018-17456", }, { cve: "CVE-2019-1348", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-1348", }, ], notes: [ { category: "general", text: "An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:git-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-arch-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-core-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-doc-2.26.1-lp151.4.9.1.noarch", "openSUSE Leap 15.1:git-email-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-gui-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-p4-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-svn-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-web-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:gitk-2.26.1-lp151.4.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-1348", url: "https://www.suse.com/security/cve/CVE-2019-1348", }, { category: "external", summary: "SUSE Bug 1158785 for CVE-2019-1348", url: "https://bugzilla.suse.com/1158785", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:git-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-arch-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-core-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-doc-2.26.1-lp151.4.9.1.noarch", "openSUSE Leap 15.1:git-email-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-gui-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-p4-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-svn-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-web-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:gitk-2.26.1-lp151.4.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "openSUSE Leap 15.1:git-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-arch-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-core-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-doc-2.26.1-lp151.4.9.1.noarch", "openSUSE Leap 15.1:git-email-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-gui-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-p4-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-svn-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-web-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:gitk-2.26.1-lp151.4.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-05-01T18:28:21Z", details: "low", }, ], title: "CVE-2019-1348", }, { cve: "CVE-2019-1349", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-1349", }, ], notes: [ { category: "general", text: "A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1350, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:git-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-arch-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-core-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-doc-2.26.1-lp151.4.9.1.noarch", "openSUSE Leap 15.1:git-email-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-gui-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-p4-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-svn-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-web-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:gitk-2.26.1-lp151.4.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-1349", url: "https://www.suse.com/security/cve/CVE-2019-1349", }, { category: "external", summary: "SUSE Bug 1158785 for CVE-2019-1349", url: "https://bugzilla.suse.com/1158785", }, { category: "external", summary: "SUSE Bug 1158787 for CVE-2019-1349", url: "https://bugzilla.suse.com/1158787", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:git-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-arch-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-core-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-doc-2.26.1-lp151.4.9.1.noarch", "openSUSE Leap 15.1:git-email-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-gui-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-p4-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-svn-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-web-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:gitk-2.26.1-lp151.4.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.1:git-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-arch-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-core-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-doc-2.26.1-lp151.4.9.1.noarch", "openSUSE Leap 15.1:git-email-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-gui-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-p4-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-svn-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-web-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:gitk-2.26.1-lp151.4.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-05-01T18:28:21Z", details: "critical", }, ], title: "CVE-2019-1349", }, { cve: "CVE-2019-1350", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-1350", }, ], notes: [ { category: "general", text: "A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:git-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-arch-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-core-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-doc-2.26.1-lp151.4.9.1.noarch", "openSUSE Leap 15.1:git-email-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-gui-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-p4-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-svn-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-web-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:gitk-2.26.1-lp151.4.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-1350", url: "https://www.suse.com/security/cve/CVE-2019-1350", }, { category: "external", summary: "SUSE Bug 1158785 for CVE-2019-1350", url: "https://bugzilla.suse.com/1158785", }, { category: "external", summary: "SUSE Bug 1158788 for CVE-2019-1350", url: "https://bugzilla.suse.com/1158788", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:git-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-arch-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-core-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-doc-2.26.1-lp151.4.9.1.noarch", "openSUSE Leap 15.1:git-email-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-gui-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-p4-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-svn-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-web-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:gitk-2.26.1-lp151.4.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.1:git-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-arch-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-core-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-doc-2.26.1-lp151.4.9.1.noarch", "openSUSE Leap 15.1:git-email-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-gui-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-p4-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-svn-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-web-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:gitk-2.26.1-lp151.4.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-05-01T18:28:21Z", details: "critical", }, ], title: "CVE-2019-1350", }, { cve: "CVE-2019-1351", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-1351", }, ], notes: [ { category: "general", text: "A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths, aka 'Git for Visual Studio Tampering Vulnerability'.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:git-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-arch-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-core-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-doc-2.26.1-lp151.4.9.1.noarch", "openSUSE Leap 15.1:git-email-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-gui-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-p4-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-svn-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-web-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:gitk-2.26.1-lp151.4.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-1351", url: "https://www.suse.com/security/cve/CVE-2019-1351", }, { category: "external", summary: "SUSE Bug 1158785 for CVE-2019-1351", url: "https://bugzilla.suse.com/1158785", }, { category: "external", summary: "SUSE Bug 1158789 for CVE-2019-1351", url: "https://bugzilla.suse.com/1158789", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:git-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-arch-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-core-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-doc-2.26.1-lp151.4.9.1.noarch", "openSUSE Leap 15.1:git-email-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-gui-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-p4-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-svn-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-web-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:gitk-2.26.1-lp151.4.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "openSUSE Leap 15.1:git-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-arch-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-core-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-doc-2.26.1-lp151.4.9.1.noarch", "openSUSE Leap 15.1:git-email-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-gui-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-p4-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-svn-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-web-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:gitk-2.26.1-lp151.4.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-05-01T18:28:21Z", details: "important", }, ], title: "CVE-2019-1351", }, { cve: "CVE-2019-1352", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-1352", }, ], notes: [ { category: "general", text: "A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1354, CVE-2019-1387.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:git-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-arch-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-core-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-doc-2.26.1-lp151.4.9.1.noarch", "openSUSE Leap 15.1:git-email-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-gui-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-p4-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-svn-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-web-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:gitk-2.26.1-lp151.4.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-1352", url: "https://www.suse.com/security/cve/CVE-2019-1352", }, { category: "external", summary: "SUSE Bug 1158785 for CVE-2019-1352", url: "https://bugzilla.suse.com/1158785", }, { category: "external", summary: "SUSE Bug 1158787 for CVE-2019-1352", url: "https://bugzilla.suse.com/1158787", }, { category: "external", summary: "SUSE Bug 1158790 for CVE-2019-1352", url: "https://bugzilla.suse.com/1158790", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:git-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-arch-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-core-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-doc-2.26.1-lp151.4.9.1.noarch", "openSUSE Leap 15.1:git-email-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-gui-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-p4-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-svn-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-web-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:gitk-2.26.1-lp151.4.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.1:git-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-arch-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-core-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-doc-2.26.1-lp151.4.9.1.noarch", "openSUSE Leap 15.1:git-email-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-gui-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-p4-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-svn-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-web-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:gitk-2.26.1-lp151.4.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-05-01T18:28:21Z", details: "critical", }, ], title: "CVE-2019-1352", }, { cve: "CVE-2019-1353", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-1353", }, ], notes: [ { category: "general", text: "An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as \"WSL\") while accessing a working directory on a regular Windows drive, none of the NTFS protections were active.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:git-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-arch-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-core-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-doc-2.26.1-lp151.4.9.1.noarch", "openSUSE Leap 15.1:git-email-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-gui-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-p4-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-svn-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-web-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:gitk-2.26.1-lp151.4.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-1353", url: "https://www.suse.com/security/cve/CVE-2019-1353", }, { category: "external", summary: "SUSE Bug 1158785 for CVE-2019-1353", url: "https://bugzilla.suse.com/1158785", }, { category: "external", summary: "SUSE Bug 1158791 for CVE-2019-1353", url: "https://bugzilla.suse.com/1158791", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:git-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-arch-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-core-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-doc-2.26.1-lp151.4.9.1.noarch", "openSUSE Leap 15.1:git-email-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-gui-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-p4-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-svn-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-web-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:gitk-2.26.1-lp151.4.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.1:git-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-arch-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-core-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-doc-2.26.1-lp151.4.9.1.noarch", "openSUSE Leap 15.1:git-email-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-gui-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-p4-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-svn-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-web-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:gitk-2.26.1-lp151.4.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-05-01T18:28:21Z", details: "critical", }, ], title: "CVE-2019-1353", }, { cve: "CVE-2019-1354", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-1354", }, ], notes: [ { category: "general", text: "A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1352, CVE-2019-1387.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:git-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-arch-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-core-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-doc-2.26.1-lp151.4.9.1.noarch", "openSUSE Leap 15.1:git-email-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-gui-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-p4-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-svn-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-web-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:gitk-2.26.1-lp151.4.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-1354", url: "https://www.suse.com/security/cve/CVE-2019-1354", }, { category: "external", summary: "SUSE Bug 1158785 for CVE-2019-1354", url: "https://bugzilla.suse.com/1158785", }, { category: "external", summary: "SUSE Bug 1158792 for CVE-2019-1354", url: "https://bugzilla.suse.com/1158792", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:git-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-arch-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-core-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-doc-2.26.1-lp151.4.9.1.noarch", "openSUSE Leap 15.1:git-email-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-gui-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-p4-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-svn-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-web-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:gitk-2.26.1-lp151.4.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 0, baseSeverity: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", version: "3.1", }, products: [ "openSUSE Leap 15.1:git-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-arch-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-core-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-doc-2.26.1-lp151.4.9.1.noarch", "openSUSE Leap 15.1:git-email-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-gui-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-p4-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-svn-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-web-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:gitk-2.26.1-lp151.4.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-05-01T18:28:21Z", details: "low", }, ], title: "CVE-2019-1354", }, { cve: "CVE-2019-1387", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-1387", }, ], notes: [ { category: "general", text: "An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:git-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-arch-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-core-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-doc-2.26.1-lp151.4.9.1.noarch", "openSUSE Leap 15.1:git-email-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-gui-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-p4-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-svn-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-web-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:gitk-2.26.1-lp151.4.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-1387", url: "https://www.suse.com/security/cve/CVE-2019-1387", }, { category: "external", summary: "SUSE Bug 1158785 for CVE-2019-1387", url: "https://bugzilla.suse.com/1158785", }, { category: "external", summary: "SUSE Bug 1158793 for CVE-2019-1387", url: "https://bugzilla.suse.com/1158793", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:git-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-arch-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-core-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-doc-2.26.1-lp151.4.9.1.noarch", "openSUSE Leap 15.1:git-email-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-gui-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-p4-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-svn-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-web-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:gitk-2.26.1-lp151.4.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.1:git-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-arch-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-core-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-doc-2.26.1-lp151.4.9.1.noarch", "openSUSE Leap 15.1:git-email-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-gui-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-p4-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-svn-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-web-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:gitk-2.26.1-lp151.4.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-05-01T18:28:21Z", details: "important", }, ], title: "CVE-2019-1387", }, { cve: "CVE-2019-19604", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-19604", }, ], notes: [ { category: "general", text: "Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a \"git submodule update\" operation can run commands found in the .gitmodules file of a malicious repository.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:git-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-arch-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-core-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-doc-2.26.1-lp151.4.9.1.noarch", "openSUSE Leap 15.1:git-email-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-gui-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-p4-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-svn-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-web-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:gitk-2.26.1-lp151.4.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-19604", url: "https://www.suse.com/security/cve/CVE-2019-19604", }, { category: "external", summary: "SUSE Bug 1158785 for CVE-2019-19604", url: "https://bugzilla.suse.com/1158785", }, { category: "external", summary: "SUSE Bug 1158795 for CVE-2019-19604", url: "https://bugzilla.suse.com/1158795", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:git-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-arch-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-core-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-doc-2.26.1-lp151.4.9.1.noarch", "openSUSE Leap 15.1:git-email-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-gui-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-p4-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-svn-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-web-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:gitk-2.26.1-lp151.4.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.1:git-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-arch-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-core-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-doc-2.26.1-lp151.4.9.1.noarch", "openSUSE Leap 15.1:git-email-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-gui-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-p4-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-svn-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-web-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:gitk-2.26.1-lp151.4.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-05-01T18:28:21Z", details: "critical", }, ], title: "CVE-2019-19604", }, { cve: "CVE-2020-11008", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-11008", }, ], notes: [ { category: "general", text: "Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open for an exploit where _some_ credential is leaked (but the attacker cannot control which one). Git uses external \"credential helper\" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that are considered illegal as of the recently published Git versions can cause Git to send a \"blank\" pattern to helpers, missing hostname and protocol fields. Many helpers will interpret this as matching _any_ URL, and will return some unspecified stored password, leaking the password to an attacker's server. The vulnerability can be triggered by feeding a malicious URL to `git clone`. However, the affected URLs look rather suspicious; the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The root of the problem is in Git itself, which should not be feeding blank input to helpers. However, the ability to exploit the vulnerability in practice depends on which helpers are in use. Credential helpers which are known to trigger the vulnerability: - Git's \"store\" helper - Git's \"cache\" helper - the \"osxkeychain\" helper that ships in Git's \"contrib\" directory Credential helpers which are known to be safe even with vulnerable versions of Git: - Git Credential Manager for Windows Any helper not in this list should be assumed to trigger the vulnerability.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:git-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-arch-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-core-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-doc-2.26.1-lp151.4.9.1.noarch", "openSUSE Leap 15.1:git-email-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-gui-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-p4-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-svn-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-web-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:gitk-2.26.1-lp151.4.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-11008", url: "https://www.suse.com/security/cve/CVE-2020-11008", }, { category: "external", summary: "SUSE Bug 1169936 for CVE-2020-11008", url: "https://bugzilla.suse.com/1169936", }, { category: "external", summary: "SUSE Bug 1170741 for CVE-2020-11008", url: "https://bugzilla.suse.com/1170741", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:git-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-arch-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-core-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-doc-2.26.1-lp151.4.9.1.noarch", "openSUSE Leap 15.1:git-email-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-gui-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-p4-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-svn-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-web-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:gitk-2.26.1-lp151.4.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "openSUSE Leap 15.1:git-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-arch-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-core-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-doc-2.26.1-lp151.4.9.1.noarch", "openSUSE Leap 15.1:git-email-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-gui-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-p4-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-svn-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-web-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:gitk-2.26.1-lp151.4.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-05-01T18:28:21Z", details: "moderate", }, ], title: "CVE-2020-11008", }, { cve: "CVE-2020-5260", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-5260", }, ], notes: [ { category: "general", text: "Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external \"credential helper\" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that contain an encoded newline can inject unintended values into the credential helper protocol stream, causing the credential helper to retrieve the password for one server (e.g., good.example.com) for an HTTP request being made to another server (e.g., evil.example.com), resulting in credentials for the former being sent to the latter. There are no restrictions on the relationship between the two, meaning that an attacker can craft a URL that will present stored credentials for any host to a host of their choosing. The vulnerability can be triggered by feeding a malicious URL to git clone. However, the affected URLs look rather suspicious; the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The problem has been patched in the versions published on April 14th, 2020, going back to v2.17.x. Anyone wishing to backport the change further can do so by applying commit 9a6bbee (the full release includes extra checks for git fsck, but that commit is sufficient to protect clients against the vulnerability). The patched versions are: 2.17.4, 2.18.3, 2.19.4, 2.20.3, 2.21.2, 2.22.3, 2.23.2, 2.24.2, 2.25.3, 2.26.1.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:git-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-arch-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-core-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-doc-2.26.1-lp151.4.9.1.noarch", "openSUSE Leap 15.1:git-email-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-gui-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-p4-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-svn-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-web-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:gitk-2.26.1-lp151.4.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-5260", url: "https://www.suse.com/security/cve/CVE-2020-5260", }, { category: "external", summary: "SUSE Bug 1168930 for CVE-2020-5260", url: "https://bugzilla.suse.com/1168930", }, { category: "external", summary: "SUSE Bug 1169936 for CVE-2020-5260", url: "https://bugzilla.suse.com/1169936", }, { category: "external", summary: "SUSE Bug 1170741 for CVE-2020-5260", url: "https://bugzilla.suse.com/1170741", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:git-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-arch-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-core-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-doc-2.26.1-lp151.4.9.1.noarch", "openSUSE Leap 15.1:git-email-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-gui-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-p4-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-svn-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-web-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:gitk-2.26.1-lp151.4.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Leap 15.1:git-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-arch-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-core-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-doc-2.26.1-lp151.4.9.1.noarch", "openSUSE Leap 15.1:git-email-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-gui-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-p4-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-svn-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:git-web-2.26.1-lp151.4.9.1.x86_64", "openSUSE Leap 15.1:gitk-2.26.1-lp151.4.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-05-01T18:28:21Z", details: "important", }, ], title: "CVE-2020-5260", }, ], }
opensuse-su-2024:10786-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
git-2.33.0-1.3 on GA media
Notes
Title of the patch
git-2.33.0-1.3 on GA media
Description of the patch
These are all security issues fixed in the git-2.33.0-1.3 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-10786
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "git-2.33.0-1.3 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the git-2.33.0-1.3 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-10786", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10786-1.json", }, { category: "self", summary: "SUSE CVE CVE-2005-4900 page", url: "https://www.suse.com/security/cve/CVE-2005-4900/", }, { category: "self", summary: "SUSE CVE CVE-2017-1000117 page", url: "https://www.suse.com/security/cve/CVE-2017-1000117/", }, { category: "self", summary: "SUSE CVE CVE-2017-14867 page", url: "https://www.suse.com/security/cve/CVE-2017-14867/", }, { category: "self", summary: "SUSE CVE CVE-2017-15298 page", url: "https://www.suse.com/security/cve/CVE-2017-15298/", }, { category: "self", summary: "SUSE CVE CVE-2017-8386 page", url: "https://www.suse.com/security/cve/CVE-2017-8386/", }, { category: "self", summary: "SUSE CVE CVE-2018-11233 page", url: "https://www.suse.com/security/cve/CVE-2018-11233/", }, { category: "self", summary: "SUSE CVE CVE-2018-11235 page", url: "https://www.suse.com/security/cve/CVE-2018-11235/", }, { category: "self", summary: "SUSE CVE CVE-2018-17456 page", url: "https://www.suse.com/security/cve/CVE-2018-17456/", }, { category: "self", summary: "SUSE CVE CVE-2018-19486 page", url: "https://www.suse.com/security/cve/CVE-2018-19486/", }, { category: "self", summary: "SUSE CVE CVE-2019-1348 page", url: "https://www.suse.com/security/cve/CVE-2019-1348/", }, { category: "self", summary: "SUSE CVE CVE-2019-1349 page", url: "https://www.suse.com/security/cve/CVE-2019-1349/", }, { category: "self", summary: "SUSE CVE CVE-2019-1350 page", url: "https://www.suse.com/security/cve/CVE-2019-1350/", }, { category: "self", summary: "SUSE CVE CVE-2019-1351 page", url: "https://www.suse.com/security/cve/CVE-2019-1351/", }, { category: "self", summary: "SUSE CVE CVE-2019-1352 page", url: "https://www.suse.com/security/cve/CVE-2019-1352/", }, { category: "self", summary: "SUSE CVE CVE-2019-1353 page", url: "https://www.suse.com/security/cve/CVE-2019-1353/", }, { category: "self", summary: "SUSE CVE CVE-2019-1354 page", url: "https://www.suse.com/security/cve/CVE-2019-1354/", }, { category: "self", summary: "SUSE CVE CVE-2019-1387 page", url: "https://www.suse.com/security/cve/CVE-2019-1387/", }, { category: "self", summary: "SUSE CVE CVE-2019-19604 page", url: "https://www.suse.com/security/cve/CVE-2019-19604/", }, { category: "self", summary: "SUSE CVE CVE-2020-11008 page", url: "https://www.suse.com/security/cve/CVE-2020-11008/", }, { category: "self", summary: "SUSE CVE CVE-2020-5260 page", url: "https://www.suse.com/security/cve/CVE-2020-5260/", }, { category: "self", summary: "SUSE CVE CVE-2021-21300 page", url: "https://www.suse.com/security/cve/CVE-2021-21300/", }, ], title: "git-2.33.0-1.3 on GA media", tracking: { current_release_date: "2024-06-15T00:00:00Z", generator: { date: "2024-06-15T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:10786-1", initial_release_date: "2024-06-15T00:00:00Z", revision_history: [ { date: "2024-06-15T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "git-2.33.0-1.3.aarch64", product: { name: "git-2.33.0-1.3.aarch64", product_id: "git-2.33.0-1.3.aarch64", }, }, { category: "product_version", name: "git-arch-2.33.0-1.3.aarch64", product: { name: "git-arch-2.33.0-1.3.aarch64", product_id: "git-arch-2.33.0-1.3.aarch64", }, }, { category: "product_version", name: "git-core-2.33.0-1.3.aarch64", product: { name: "git-core-2.33.0-1.3.aarch64", product_id: "git-core-2.33.0-1.3.aarch64", }, }, { category: "product_version", name: "git-credential-gnome-keyring-2.33.0-1.3.aarch64", product: { name: "git-credential-gnome-keyring-2.33.0-1.3.aarch64", product_id: "git-credential-gnome-keyring-2.33.0-1.3.aarch64", }, }, { category: "product_version", name: "git-credential-libsecret-2.33.0-1.3.aarch64", product: { name: "git-credential-libsecret-2.33.0-1.3.aarch64", product_id: "git-credential-libsecret-2.33.0-1.3.aarch64", }, }, { category: "product_version", name: "git-cvs-2.33.0-1.3.aarch64", product: { name: "git-cvs-2.33.0-1.3.aarch64", product_id: "git-cvs-2.33.0-1.3.aarch64", }, }, { category: "product_version", name: "git-daemon-2.33.0-1.3.aarch64", product: { name: "git-daemon-2.33.0-1.3.aarch64", product_id: "git-daemon-2.33.0-1.3.aarch64", }, }, { category: "product_version", name: "git-doc-2.33.0-1.3.aarch64", product: { name: "git-doc-2.33.0-1.3.aarch64", product_id: "git-doc-2.33.0-1.3.aarch64", }, }, { category: "product_version", name: "git-email-2.33.0-1.3.aarch64", product: { name: "git-email-2.33.0-1.3.aarch64", product_id: "git-email-2.33.0-1.3.aarch64", }, }, { category: "product_version", name: "git-gui-2.33.0-1.3.aarch64", product: { name: "git-gui-2.33.0-1.3.aarch64", product_id: "git-gui-2.33.0-1.3.aarch64", }, }, { category: "product_version", name: "git-p4-2.33.0-1.3.aarch64", product: { name: "git-p4-2.33.0-1.3.aarch64", product_id: "git-p4-2.33.0-1.3.aarch64", }, }, { category: "product_version", name: "git-svn-2.33.0-1.3.aarch64", product: { name: "git-svn-2.33.0-1.3.aarch64", product_id: "git-svn-2.33.0-1.3.aarch64", }, }, { category: "product_version", name: "git-web-2.33.0-1.3.aarch64", product: { name: "git-web-2.33.0-1.3.aarch64", product_id: "git-web-2.33.0-1.3.aarch64", }, }, { category: "product_version", name: "gitk-2.33.0-1.3.aarch64", product: { name: "gitk-2.33.0-1.3.aarch64", product_id: "gitk-2.33.0-1.3.aarch64", }, }, { category: "product_version", name: "perl-Git-2.33.0-1.3.aarch64", product: { name: "perl-Git-2.33.0-1.3.aarch64", product_id: "perl-Git-2.33.0-1.3.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "git-2.33.0-1.3.ppc64le", product: { name: "git-2.33.0-1.3.ppc64le", product_id: "git-2.33.0-1.3.ppc64le", }, }, { category: "product_version", name: "git-arch-2.33.0-1.3.ppc64le", product: { name: "git-arch-2.33.0-1.3.ppc64le", product_id: "git-arch-2.33.0-1.3.ppc64le", }, }, { category: "product_version", name: "git-core-2.33.0-1.3.ppc64le", product: { name: "git-core-2.33.0-1.3.ppc64le", product_id: "git-core-2.33.0-1.3.ppc64le", }, }, { category: "product_version", name: "git-credential-gnome-keyring-2.33.0-1.3.ppc64le", product: { name: "git-credential-gnome-keyring-2.33.0-1.3.ppc64le", product_id: "git-credential-gnome-keyring-2.33.0-1.3.ppc64le", }, }, { category: "product_version", name: "git-credential-libsecret-2.33.0-1.3.ppc64le", product: { name: "git-credential-libsecret-2.33.0-1.3.ppc64le", product_id: "git-credential-libsecret-2.33.0-1.3.ppc64le", }, }, { category: "product_version", name: "git-cvs-2.33.0-1.3.ppc64le", product: { name: "git-cvs-2.33.0-1.3.ppc64le", product_id: "git-cvs-2.33.0-1.3.ppc64le", }, }, { category: "product_version", name: "git-daemon-2.33.0-1.3.ppc64le", product: { name: "git-daemon-2.33.0-1.3.ppc64le", product_id: "git-daemon-2.33.0-1.3.ppc64le", }, }, { category: "product_version", name: "git-doc-2.33.0-1.3.ppc64le", product: { name: "git-doc-2.33.0-1.3.ppc64le", product_id: "git-doc-2.33.0-1.3.ppc64le", }, }, { category: "product_version", name: "git-email-2.33.0-1.3.ppc64le", product: { name: "git-email-2.33.0-1.3.ppc64le", product_id: "git-email-2.33.0-1.3.ppc64le", }, }, { category: "product_version", name: "git-gui-2.33.0-1.3.ppc64le", product: { name: "git-gui-2.33.0-1.3.ppc64le", product_id: "git-gui-2.33.0-1.3.ppc64le", }, }, { category: "product_version", name: "git-p4-2.33.0-1.3.ppc64le", product: { name: "git-p4-2.33.0-1.3.ppc64le", product_id: "git-p4-2.33.0-1.3.ppc64le", }, }, { category: "product_version", name: "git-svn-2.33.0-1.3.ppc64le", product: { name: "git-svn-2.33.0-1.3.ppc64le", product_id: "git-svn-2.33.0-1.3.ppc64le", }, }, { category: "product_version", name: "git-web-2.33.0-1.3.ppc64le", product: { name: "git-web-2.33.0-1.3.ppc64le", product_id: "git-web-2.33.0-1.3.ppc64le", }, }, { category: "product_version", name: "gitk-2.33.0-1.3.ppc64le", product: { name: "gitk-2.33.0-1.3.ppc64le", product_id: "gitk-2.33.0-1.3.ppc64le", }, }, { category: "product_version", name: "perl-Git-2.33.0-1.3.ppc64le", product: { name: "perl-Git-2.33.0-1.3.ppc64le", product_id: "perl-Git-2.33.0-1.3.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "git-2.33.0-1.3.s390x", product: { name: "git-2.33.0-1.3.s390x", product_id: "git-2.33.0-1.3.s390x", }, }, { category: "product_version", name: "git-arch-2.33.0-1.3.s390x", product: { name: "git-arch-2.33.0-1.3.s390x", product_id: "git-arch-2.33.0-1.3.s390x", }, }, { category: "product_version", name: "git-core-2.33.0-1.3.s390x", product: { name: "git-core-2.33.0-1.3.s390x", product_id: "git-core-2.33.0-1.3.s390x", }, }, { category: "product_version", name: "git-credential-gnome-keyring-2.33.0-1.3.s390x", product: { name: "git-credential-gnome-keyring-2.33.0-1.3.s390x", product_id: "git-credential-gnome-keyring-2.33.0-1.3.s390x", }, }, { category: "product_version", name: "git-credential-libsecret-2.33.0-1.3.s390x", product: { name: "git-credential-libsecret-2.33.0-1.3.s390x", product_id: "git-credential-libsecret-2.33.0-1.3.s390x", }, }, { category: "product_version", name: "git-cvs-2.33.0-1.3.s390x", product: { name: "git-cvs-2.33.0-1.3.s390x", product_id: "git-cvs-2.33.0-1.3.s390x", }, }, { category: "product_version", name: "git-daemon-2.33.0-1.3.s390x", product: { name: "git-daemon-2.33.0-1.3.s390x", product_id: "git-daemon-2.33.0-1.3.s390x", }, }, { category: "product_version", name: "git-doc-2.33.0-1.3.s390x", product: { name: "git-doc-2.33.0-1.3.s390x", product_id: "git-doc-2.33.0-1.3.s390x", }, }, { category: "product_version", name: "git-email-2.33.0-1.3.s390x", product: { name: "git-email-2.33.0-1.3.s390x", product_id: "git-email-2.33.0-1.3.s390x", }, }, { category: "product_version", name: "git-gui-2.33.0-1.3.s390x", product: { name: "git-gui-2.33.0-1.3.s390x", product_id: "git-gui-2.33.0-1.3.s390x", }, }, { category: "product_version", name: "git-p4-2.33.0-1.3.s390x", product: { name: "git-p4-2.33.0-1.3.s390x", product_id: "git-p4-2.33.0-1.3.s390x", }, }, { category: "product_version", name: "git-svn-2.33.0-1.3.s390x", product: { name: "git-svn-2.33.0-1.3.s390x", product_id: "git-svn-2.33.0-1.3.s390x", }, }, { category: "product_version", name: "git-web-2.33.0-1.3.s390x", product: { name: "git-web-2.33.0-1.3.s390x", product_id: "git-web-2.33.0-1.3.s390x", }, }, { category: "product_version", name: "gitk-2.33.0-1.3.s390x", product: { name: "gitk-2.33.0-1.3.s390x", product_id: "gitk-2.33.0-1.3.s390x", }, }, { category: "product_version", name: "perl-Git-2.33.0-1.3.s390x", product: { name: "perl-Git-2.33.0-1.3.s390x", product_id: "perl-Git-2.33.0-1.3.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "git-2.33.0-1.3.x86_64", product: { name: "git-2.33.0-1.3.x86_64", product_id: "git-2.33.0-1.3.x86_64", }, }, { category: "product_version", name: "git-arch-2.33.0-1.3.x86_64", product: { name: "git-arch-2.33.0-1.3.x86_64", product_id: "git-arch-2.33.0-1.3.x86_64", }, }, { category: "product_version", name: "git-core-2.33.0-1.3.x86_64", product: { name: "git-core-2.33.0-1.3.x86_64", product_id: "git-core-2.33.0-1.3.x86_64", }, }, { category: "product_version", name: "git-credential-gnome-keyring-2.33.0-1.3.x86_64", product: { name: "git-credential-gnome-keyring-2.33.0-1.3.x86_64", product_id: "git-credential-gnome-keyring-2.33.0-1.3.x86_64", }, }, { category: "product_version", name: "git-credential-libsecret-2.33.0-1.3.x86_64", product: { name: "git-credential-libsecret-2.33.0-1.3.x86_64", product_id: "git-credential-libsecret-2.33.0-1.3.x86_64", }, }, { category: "product_version", name: "git-cvs-2.33.0-1.3.x86_64", product: { name: "git-cvs-2.33.0-1.3.x86_64", product_id: "git-cvs-2.33.0-1.3.x86_64", }, }, { category: "product_version", name: "git-daemon-2.33.0-1.3.x86_64", product: { name: "git-daemon-2.33.0-1.3.x86_64", product_id: "git-daemon-2.33.0-1.3.x86_64", }, }, { category: "product_version", name: "git-doc-2.33.0-1.3.x86_64", product: { name: "git-doc-2.33.0-1.3.x86_64", product_id: "git-doc-2.33.0-1.3.x86_64", }, }, { category: "product_version", name: "git-email-2.33.0-1.3.x86_64", product: { name: "git-email-2.33.0-1.3.x86_64", product_id: "git-email-2.33.0-1.3.x86_64", }, }, { category: "product_version", name: "git-gui-2.33.0-1.3.x86_64", product: { name: "git-gui-2.33.0-1.3.x86_64", product_id: "git-gui-2.33.0-1.3.x86_64", }, }, { category: "product_version", name: "git-p4-2.33.0-1.3.x86_64", product: { name: "git-p4-2.33.0-1.3.x86_64", product_id: "git-p4-2.33.0-1.3.x86_64", }, }, { category: "product_version", name: "git-svn-2.33.0-1.3.x86_64", product: { name: "git-svn-2.33.0-1.3.x86_64", product_id: "git-svn-2.33.0-1.3.x86_64", }, }, { category: "product_version", name: "git-web-2.33.0-1.3.x86_64", product: { name: "git-web-2.33.0-1.3.x86_64", product_id: "git-web-2.33.0-1.3.x86_64", }, }, { category: "product_version", name: "gitk-2.33.0-1.3.x86_64", product: { name: "gitk-2.33.0-1.3.x86_64", product_id: "gitk-2.33.0-1.3.x86_64", }, }, { category: "product_version", name: "perl-Git-2.33.0-1.3.x86_64", product: { name: "perl-Git-2.33.0-1.3.x86_64", product_id: "perl-Git-2.33.0-1.3.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "git-2.33.0-1.3.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:git-2.33.0-1.3.aarch64", }, product_reference: "git-2.33.0-1.3.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "git-2.33.0-1.3.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le", }, product_reference: "git-2.33.0-1.3.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "git-2.33.0-1.3.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:git-2.33.0-1.3.s390x", }, product_reference: "git-2.33.0-1.3.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "git-2.33.0-1.3.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:git-2.33.0-1.3.x86_64", }, product_reference: "git-2.33.0-1.3.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "git-arch-2.33.0-1.3.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64", }, product_reference: "git-arch-2.33.0-1.3.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "git-arch-2.33.0-1.3.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le", }, product_reference: "git-arch-2.33.0-1.3.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "git-arch-2.33.0-1.3.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x", }, product_reference: "git-arch-2.33.0-1.3.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "git-arch-2.33.0-1.3.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64", }, product_reference: "git-arch-2.33.0-1.3.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "git-core-2.33.0-1.3.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64", }, product_reference: "git-core-2.33.0-1.3.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "git-core-2.33.0-1.3.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le", }, product_reference: "git-core-2.33.0-1.3.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "git-core-2.33.0-1.3.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x", }, product_reference: "git-core-2.33.0-1.3.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "git-core-2.33.0-1.3.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64", }, product_reference: "git-core-2.33.0-1.3.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "git-credential-gnome-keyring-2.33.0-1.3.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64", }, product_reference: "git-credential-gnome-keyring-2.33.0-1.3.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "git-credential-gnome-keyring-2.33.0-1.3.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le", }, product_reference: "git-credential-gnome-keyring-2.33.0-1.3.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "git-credential-gnome-keyring-2.33.0-1.3.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x", }, product_reference: "git-credential-gnome-keyring-2.33.0-1.3.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "git-credential-gnome-keyring-2.33.0-1.3.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64", }, product_reference: "git-credential-gnome-keyring-2.33.0-1.3.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "git-credential-libsecret-2.33.0-1.3.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64", }, product_reference: "git-credential-libsecret-2.33.0-1.3.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "git-credential-libsecret-2.33.0-1.3.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le", }, product_reference: "git-credential-libsecret-2.33.0-1.3.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "git-credential-libsecret-2.33.0-1.3.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x", }, product_reference: "git-credential-libsecret-2.33.0-1.3.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "git-credential-libsecret-2.33.0-1.3.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64", }, product_reference: "git-credential-libsecret-2.33.0-1.3.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "git-cvs-2.33.0-1.3.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64", }, product_reference: "git-cvs-2.33.0-1.3.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "git-cvs-2.33.0-1.3.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le", }, product_reference: "git-cvs-2.33.0-1.3.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "git-cvs-2.33.0-1.3.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x", }, product_reference: "git-cvs-2.33.0-1.3.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "git-cvs-2.33.0-1.3.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64", }, product_reference: "git-cvs-2.33.0-1.3.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "git-daemon-2.33.0-1.3.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64", }, product_reference: "git-daemon-2.33.0-1.3.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "git-daemon-2.33.0-1.3.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le", }, product_reference: "git-daemon-2.33.0-1.3.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "git-daemon-2.33.0-1.3.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x", }, product_reference: "git-daemon-2.33.0-1.3.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "git-daemon-2.33.0-1.3.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64", }, product_reference: "git-daemon-2.33.0-1.3.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "git-doc-2.33.0-1.3.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64", }, product_reference: "git-doc-2.33.0-1.3.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "git-doc-2.33.0-1.3.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le", }, product_reference: "git-doc-2.33.0-1.3.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "git-doc-2.33.0-1.3.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x", }, product_reference: "git-doc-2.33.0-1.3.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "git-doc-2.33.0-1.3.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64", }, product_reference: "git-doc-2.33.0-1.3.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "git-email-2.33.0-1.3.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64", }, product_reference: "git-email-2.33.0-1.3.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "git-email-2.33.0-1.3.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le", }, product_reference: "git-email-2.33.0-1.3.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "git-email-2.33.0-1.3.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x", }, product_reference: "git-email-2.33.0-1.3.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "git-email-2.33.0-1.3.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64", }, product_reference: "git-email-2.33.0-1.3.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "git-gui-2.33.0-1.3.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64", }, product_reference: "git-gui-2.33.0-1.3.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "git-gui-2.33.0-1.3.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le", }, product_reference: "git-gui-2.33.0-1.3.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "git-gui-2.33.0-1.3.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x", }, product_reference: "git-gui-2.33.0-1.3.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "git-gui-2.33.0-1.3.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64", }, product_reference: "git-gui-2.33.0-1.3.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "git-p4-2.33.0-1.3.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64", }, product_reference: "git-p4-2.33.0-1.3.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "git-p4-2.33.0-1.3.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le", }, product_reference: "git-p4-2.33.0-1.3.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "git-p4-2.33.0-1.3.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x", }, product_reference: "git-p4-2.33.0-1.3.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "git-p4-2.33.0-1.3.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64", }, product_reference: "git-p4-2.33.0-1.3.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "git-svn-2.33.0-1.3.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64", }, product_reference: "git-svn-2.33.0-1.3.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "git-svn-2.33.0-1.3.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le", }, product_reference: "git-svn-2.33.0-1.3.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "git-svn-2.33.0-1.3.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x", }, product_reference: "git-svn-2.33.0-1.3.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "git-svn-2.33.0-1.3.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64", }, product_reference: "git-svn-2.33.0-1.3.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "git-web-2.33.0-1.3.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64", }, product_reference: "git-web-2.33.0-1.3.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "git-web-2.33.0-1.3.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le", }, product_reference: "git-web-2.33.0-1.3.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "git-web-2.33.0-1.3.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x", }, product_reference: "git-web-2.33.0-1.3.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "git-web-2.33.0-1.3.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64", }, product_reference: "git-web-2.33.0-1.3.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "gitk-2.33.0-1.3.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64", }, product_reference: "gitk-2.33.0-1.3.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "gitk-2.33.0-1.3.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le", }, product_reference: "gitk-2.33.0-1.3.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "gitk-2.33.0-1.3.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x", }, product_reference: "gitk-2.33.0-1.3.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "gitk-2.33.0-1.3.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64", }, product_reference: "gitk-2.33.0-1.3.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "perl-Git-2.33.0-1.3.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64", }, product_reference: "perl-Git-2.33.0-1.3.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "perl-Git-2.33.0-1.3.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le", }, product_reference: "perl-Git-2.33.0-1.3.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "perl-Git-2.33.0-1.3.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x", }, product_reference: "perl-Git-2.33.0-1.3.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "perl-Git-2.33.0-1.3.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64", }, product_reference: "perl-Git-2.33.0-1.3.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2005-4900", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2005-4900", }, ], notes: [ { category: "general", text: "SHA-1 is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of SHA-1 in TLS 1.2. NOTE: this CVE exists to provide a common identifier for referencing this SHA-1 issue; the existence of an identifier is not, by itself, a technology recommendation.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x", "openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2005-4900", url: "https://www.suse.com/security/cve/CVE-2005-4900", }, { category: "external", summary: "SUSE Bug 1026646 for CVE-2005-4900", url: "https://bugzilla.suse.com/1026646", }, { category: "external", summary: "SUSE Bug 1026936 for CVE-2005-4900", url: "https://bugzilla.suse.com/1026936", }, { category: "external", summary: "SUSE Bug 1042640 for CVE-2005-4900", url: "https://bugzilla.suse.com/1042640", }, { category: "external", summary: "SUSE Bug 1150998 for CVE-2005-4900", url: "https://bugzilla.suse.com/1150998", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x", "openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x", "openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2005-4900", }, { cve: "CVE-2017-1000117", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-1000117", }, ], notes: [ { category: "general", text: "A malicious third-party can give a crafted \"ssh://...\" URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running \"git clone --recurse-submodules\" to trigger the vulnerability.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x", "openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-1000117", url: "https://www.suse.com/security/cve/CVE-2017-1000117", }, { category: "external", summary: "SUSE Bug 1052481 for CVE-2017-1000117", url: "https://bugzilla.suse.com/1052481", }, { category: "external", summary: "SUSE Bug 1052696 for CVE-2017-1000117", url: "https://bugzilla.suse.com/1052696", }, { category: "external", summary: "SUSE Bug 1052932 for CVE-2017-1000117", url: "https://bugzilla.suse.com/1052932", }, { category: "external", summary: "SUSE Bug 1053364 for CVE-2017-1000117", url: "https://bugzilla.suse.com/1053364", }, { category: "external", summary: "SUSE Bug 1053600 for CVE-2017-1000117", url: "https://bugzilla.suse.com/1053600", }, { category: "external", summary: "SUSE Bug 1053919 for CVE-2017-1000117", url: "https://bugzilla.suse.com/1053919", }, { category: "external", summary: "SUSE Bug 1054653 for CVE-2017-1000117", url: "https://bugzilla.suse.com/1054653", }, { category: "external", summary: "SUSE Bug 1058214 for CVE-2017-1000117", url: "https://bugzilla.suse.com/1058214", }, { category: "external", summary: "SUSE Bug 1066430 for CVE-2017-1000117", url: "https://bugzilla.suse.com/1066430", }, { category: "external", summary: "SUSE Bug 1071709 for CVE-2017-1000117", url: "https://bugzilla.suse.com/1071709", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x", "openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x", "openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2017-1000117", }, { cve: "CVE-2017-14867", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-14867", }, ], notes: [ { category: "general", text: "Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x", "openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-14867", url: "https://www.suse.com/security/cve/CVE-2017-14867", }, { category: "external", summary: "SUSE Bug 1060377 for CVE-2017-14867", url: "https://bugzilla.suse.com/1060377", }, { category: "external", summary: "SUSE Bug 1060378 for CVE-2017-14867", url: "https://bugzilla.suse.com/1060378", }, { category: "external", summary: "SUSE Bug 1061041 for CVE-2017-14867", url: "https://bugzilla.suse.com/1061041", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x", "openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x", "openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2017-14867", }, { cve: "CVE-2017-15298", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-15298", }, ], notes: [ { category: "general", text: "Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb. This can also have an impact of disk consumption; however, an affected process typically would not survive its attempt to build the data structure in memory before writing to disk.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x", "openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-15298", url: "https://www.suse.com/security/cve/CVE-2017-15298", }, { category: "external", summary: "SUSE Bug 1063412 for CVE-2017-15298", url: "https://bugzilla.suse.com/1063412", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x", "openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x", "openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2017-15298", }, { cve: "CVE-2017-8386", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-8386", }, ], notes: [ { category: "general", text: "git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x", "openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-8386", url: "https://www.suse.com/security/cve/CVE-2017-8386", }, { category: "external", summary: "SUSE Bug 1038395 for CVE-2017-8386", url: "https://bugzilla.suse.com/1038395", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x", "openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x", "openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2017-8386", }, { cve: "CVE-2018-11233", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-11233", }, ], notes: [ { category: "general", text: "In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x", "openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-11233", url: "https://www.suse.com/security/cve/CVE-2018-11233", }, { category: "external", summary: "SUSE Bug 1095218 for CVE-2018-11233", url: "https://bugzilla.suse.com/1095218", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x", "openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x", "openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2018-11233", }, { cve: "CVE-2018-11235", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-11235", }, ], notes: [ { category: "general", text: "In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs \"git clone --recurse-submodules\" because submodule \"names\" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with \"../\" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x", "openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-11235", url: "https://www.suse.com/security/cve/CVE-2018-11235", }, { category: "external", summary: "SUSE Bug 1095219 for CVE-2018-11235", url: "https://bugzilla.suse.com/1095219", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x", "openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x", "openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2018-11235", }, { cve: "CVE-2018-17456", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-17456", }, ], notes: [ { category: "general", text: "Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive \"git clone\" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x", "openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-17456", url: "https://www.suse.com/security/cve/CVE-2018-17456", }, { category: "external", summary: "SUSE Bug 1110949 for CVE-2018-17456", url: "https://bugzilla.suse.com/1110949", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x", "openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x", "openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2018-17456", }, { cve: "CVE-2018-19486", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-19486", }, ], notes: [ { category: "general", text: "Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x", "openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-19486", url: "https://www.suse.com/security/cve/CVE-2018-19486", }, { category: "external", summary: "SUSE Bug 1117257 for CVE-2018-19486", url: "https://bugzilla.suse.com/1117257", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x", "openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x", "openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-19486", }, { cve: "CVE-2019-1348", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-1348", }, ], notes: [ { category: "general", text: "An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x", "openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-1348", url: "https://www.suse.com/security/cve/CVE-2019-1348", }, { category: "external", summary: "SUSE Bug 1158785 for CVE-2019-1348", url: "https://bugzilla.suse.com/1158785", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x", "openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x", "openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2019-1348", }, { cve: "CVE-2019-1349", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-1349", }, ], notes: [ { category: "general", text: "A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1350, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x", "openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-1349", url: "https://www.suse.com/security/cve/CVE-2019-1349", }, { category: "external", summary: "SUSE Bug 1158785 for CVE-2019-1349", url: "https://bugzilla.suse.com/1158785", }, { category: "external", summary: "SUSE Bug 1158787 for CVE-2019-1349", url: "https://bugzilla.suse.com/1158787", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x", "openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x", "openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2019-1349", }, { cve: "CVE-2019-1350", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-1350", }, ], notes: [ { category: "general", text: "A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x", "openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-1350", url: "https://www.suse.com/security/cve/CVE-2019-1350", }, { category: "external", summary: "SUSE Bug 1158785 for CVE-2019-1350", url: "https://bugzilla.suse.com/1158785", }, { category: "external", summary: "SUSE Bug 1158788 for CVE-2019-1350", url: "https://bugzilla.suse.com/1158788", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x", "openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x", "openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2019-1350", }, { cve: "CVE-2019-1351", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-1351", }, ], notes: [ { category: "general", text: "A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths, aka 'Git for Visual Studio Tampering Vulnerability'.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x", "openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-1351", url: "https://www.suse.com/security/cve/CVE-2019-1351", }, { category: "external", summary: "SUSE Bug 1158785 for CVE-2019-1351", url: "https://bugzilla.suse.com/1158785", }, { category: "external", summary: "SUSE Bug 1158789 for CVE-2019-1351", url: "https://bugzilla.suse.com/1158789", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x", "openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x", "openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2019-1351", }, { cve: "CVE-2019-1352", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-1352", }, ], notes: [ { category: "general", text: "A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1354, CVE-2019-1387.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x", "openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-1352", url: "https://www.suse.com/security/cve/CVE-2019-1352", }, { category: "external", summary: "SUSE Bug 1158785 for CVE-2019-1352", url: "https://bugzilla.suse.com/1158785", }, { category: "external", summary: "SUSE Bug 1158787 for CVE-2019-1352", url: "https://bugzilla.suse.com/1158787", }, { category: "external", summary: "SUSE Bug 1158790 for CVE-2019-1352", url: "https://bugzilla.suse.com/1158790", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x", "openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x", "openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2019-1352", }, { cve: "CVE-2019-1353", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-1353", }, ], notes: [ { category: "general", text: "An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as \"WSL\") while accessing a working directory on a regular Windows drive, none of the NTFS protections were active.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x", "openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-1353", url: "https://www.suse.com/security/cve/CVE-2019-1353", }, { category: "external", summary: "SUSE Bug 1158785 for CVE-2019-1353", url: "https://bugzilla.suse.com/1158785", }, { category: "external", summary: "SUSE Bug 1158791 for CVE-2019-1353", url: "https://bugzilla.suse.com/1158791", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x", "openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x", "openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2019-1353", }, { cve: "CVE-2019-1354", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-1354", }, ], notes: [ { category: "general", text: "A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1352, CVE-2019-1387.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x", "openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-1354", url: "https://www.suse.com/security/cve/CVE-2019-1354", }, { category: "external", summary: "SUSE Bug 1158785 for CVE-2019-1354", url: "https://bugzilla.suse.com/1158785", }, { category: "external", summary: "SUSE Bug 1158792 for CVE-2019-1354", url: "https://bugzilla.suse.com/1158792", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x", "openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 0, baseSeverity: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x", "openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2019-1354", }, { cve: "CVE-2019-1387", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-1387", }, ], notes: [ { category: "general", text: "An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x", "openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-1387", url: "https://www.suse.com/security/cve/CVE-2019-1387", }, { category: "external", summary: "SUSE Bug 1158785 for CVE-2019-1387", url: "https://bugzilla.suse.com/1158785", }, { category: "external", summary: "SUSE Bug 1158793 for CVE-2019-1387", url: "https://bugzilla.suse.com/1158793", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x", "openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x", "openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2019-1387", }, { cve: "CVE-2019-19604", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-19604", }, ], notes: [ { category: "general", text: "Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a \"git submodule update\" operation can run commands found in the .gitmodules file of a malicious repository.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x", "openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-19604", url: "https://www.suse.com/security/cve/CVE-2019-19604", }, { category: "external", summary: "SUSE Bug 1158785 for CVE-2019-19604", url: "https://bugzilla.suse.com/1158785", }, { category: "external", summary: "SUSE Bug 1158795 for CVE-2019-19604", url: "https://bugzilla.suse.com/1158795", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x", "openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x", "openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2019-19604", }, { cve: "CVE-2020-11008", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-11008", }, ], notes: [ { category: "general", text: "Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open for an exploit where _some_ credential is leaked (but the attacker cannot control which one). Git uses external \"credential helper\" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that are considered illegal as of the recently published Git versions can cause Git to send a \"blank\" pattern to helpers, missing hostname and protocol fields. Many helpers will interpret this as matching _any_ URL, and will return some unspecified stored password, leaking the password to an attacker's server. The vulnerability can be triggered by feeding a malicious URL to `git clone`. However, the affected URLs look rather suspicious; the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The root of the problem is in Git itself, which should not be feeding blank input to helpers. However, the ability to exploit the vulnerability in practice depends on which helpers are in use. Credential helpers which are known to trigger the vulnerability: - Git's \"store\" helper - Git's \"cache\" helper - the \"osxkeychain\" helper that ships in Git's \"contrib\" directory Credential helpers which are known to be safe even with vulnerable versions of Git: - Git Credential Manager for Windows Any helper not in this list should be assumed to trigger the vulnerability.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x", "openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-11008", url: "https://www.suse.com/security/cve/CVE-2020-11008", }, { category: "external", summary: "SUSE Bug 1169936 for CVE-2020-11008", url: "https://bugzilla.suse.com/1169936", }, { category: "external", summary: "SUSE Bug 1170741 for CVE-2020-11008", url: "https://bugzilla.suse.com/1170741", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x", "openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x", "openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-11008", }, { cve: "CVE-2020-5260", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-5260", }, ], notes: [ { category: "general", text: "Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external \"credential helper\" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that contain an encoded newline can inject unintended values into the credential helper protocol stream, causing the credential helper to retrieve the password for one server (e.g., good.example.com) for an HTTP request being made to another server (e.g., evil.example.com), resulting in credentials for the former being sent to the latter. There are no restrictions on the relationship between the two, meaning that an attacker can craft a URL that will present stored credentials for any host to a host of their choosing. The vulnerability can be triggered by feeding a malicious URL to git clone. However, the affected URLs look rather suspicious; the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The problem has been patched in the versions published on April 14th, 2020, going back to v2.17.x. Anyone wishing to backport the change further can do so by applying commit 9a6bbee (the full release includes extra checks for git fsck, but that commit is sufficient to protect clients against the vulnerability). The patched versions are: 2.17.4, 2.18.3, 2.19.4, 2.20.3, 2.21.2, 2.22.3, 2.23.2, 2.24.2, 2.25.3, 2.26.1.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x", "openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-5260", url: "https://www.suse.com/security/cve/CVE-2020-5260", }, { category: "external", summary: "SUSE Bug 1168930 for CVE-2020-5260", url: "https://bugzilla.suse.com/1168930", }, { category: "external", summary: "SUSE Bug 1169936 for CVE-2020-5260", url: "https://bugzilla.suse.com/1169936", }, { category: "external", summary: "SUSE Bug 1170741 for CVE-2020-5260", url: "https://bugzilla.suse.com/1170741", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x", "openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x", "openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2020-5260", }, { cve: "CVE-2021-21300", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-21300", }, ], notes: [ { category: "general", text: "Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive file system such as NTFS, HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters have to be configured for that. Git for Windows configures Git LFS by default, and is therefore vulnerable. The problem has been patched in the versions published on Tuesday, March 9th, 2021. As a workaound, if symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. Likewise, if no clean/smudge filters such as Git LFS are configured globally (i.e. _before_ cloning), the attack is foiled. As always, it is best to avoid cloning repositories from untrusted sources. The earliest impacted version is 2.14.2. The fix versions are: 2.30.1, 2.29.3, 2.28.1, 2.27.1, 2.26.3, 2.25.5, 2.24.4, 2.23.4, 2.22.5, 2.21.4, 2.20.5, 2.19.6, 2.18.5, 2.17.62.17.6.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x", "openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-21300", url: "https://www.suse.com/security/cve/CVE-2021-21300", }, { category: "external", summary: "SUSE Bug 1183026 for CVE-2021-21300", url: "https://bugzilla.suse.com/1183026", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x", "openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-arch-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-core-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-core-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-core-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-gnome-keyring-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-credential-libsecret-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-cvs-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-daemon-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-doc-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-email-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-email-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-email-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-gui-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-p4-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-svn-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:git-web-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:git-web-2.33.0-1.3.s390x", "openSUSE Tumbleweed:git-web-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:gitk-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:gitk-2.33.0-1.3.s390x", "openSUSE Tumbleweed:gitk-2.33.0-1.3.x86_64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.aarch64", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.ppc64le", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.s390x", "openSUSE Tumbleweed:perl-Git-2.33.0-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2021-21300", }, ], }
opensuse-su-2020:0123-1
Vulnerability from csaf_opensuse
Published
2020-01-29 05:11
Modified
2020-01-29 05:11
Summary
Security update for git
Notes
Title of the patch
Security update for git
Description of the patch
This update for git fixes the following issues:
Security issues fixed:
- CVE-2019-1349: Fixed issue on Windows, when submodules are cloned recursively, under certain circumstances Git could be fooled into using the same Git directory twice (bsc#1158787).
- CVE-2019-19604: Fixed a recursive clone followed by a submodule update could execute code contained within the repository without the user explicitly having asked for that (bsc#1158795).
- CVE-2019-1387: Fixed recursive clones that are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones (bsc#1158793).
- CVE-2019-1354: Fixed issue on Windows that refuses to write tracked files with filenames that contain backslashes (bsc#1158792).
- CVE-2019-1353: Fixed issue when run in the Windows Subsystem for Linux while accessing a working directory on a regular Windows drive, none of the NTFS protections were active (bsc#1158791).
- CVE-2019-1352: Fixed issue on Windows was unaware of NTFS Alternate Data Streams (bsc#1158790).
- CVE-2019-1351: Fixed issue on Windows mistakes drive letters outside of the US-English alphabet as relative paths (bsc#1158789).
- CVE-2019-1350: Fixed incorrect quoting of command-line arguments allowed remote code execution during a recursive clone in conjunction with SSH URLs (bsc#1158788).
- CVE-2019-1348: Fixed the --export-marks option of fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths (bsc#1158785).
- Fixes an issue where git send-email failed to authenticate with SMTP server (bsc#1082023)
Bug fixes:
- Add zlib dependency, which used to be provided by openssl-devel, so that package can compile successfully after openssl upgrade to 1.1.1. (bsc#1149792).
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames
openSUSE-2020-123
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for git", title: "Title of the patch", }, { category: "description", text: "This update for git fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-1349: Fixed issue on Windows, when submodules are cloned recursively, under certain circumstances Git could be fooled into using the same Git directory twice (bsc#1158787).\n- CVE-2019-19604: Fixed a recursive clone followed by a submodule update could execute code contained within the repository without the user explicitly having asked for that (bsc#1158795).\n- CVE-2019-1387: Fixed recursive clones that are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones (bsc#1158793).\n- CVE-2019-1354: Fixed issue on Windows that refuses to write tracked files with filenames that contain backslashes (bsc#1158792).\n- CVE-2019-1353: Fixed issue when run in the Windows Subsystem for Linux while accessing a working directory on a regular Windows drive, none of the NTFS protections were active (bsc#1158791).\n- CVE-2019-1352: Fixed issue on Windows was unaware of NTFS Alternate Data Streams (bsc#1158790).\n- CVE-2019-1351: Fixed issue on Windows mistakes drive letters outside of the US-English alphabet as relative paths (bsc#1158789).\n- CVE-2019-1350: Fixed incorrect quoting of command-line arguments allowed remote code execution during a recursive clone in conjunction with SSH URLs (bsc#1158788).\n- CVE-2019-1348: Fixed the --export-marks option of fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths (bsc#1158785).\n- Fixes an issue where git send-email failed to authenticate with SMTP server (bsc#1082023)\n\nBug fixes:\n\n- Add zlib dependency, which used to be provided by openssl-devel, so that package can compile successfully after openssl upgrade to 1.1.1. (bsc#1149792).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", title: "Description of the patch", }, { category: "details", text: "openSUSE-2020-123", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_0123-1.json", }, { category: "self", summary: "URL for openSUSE-SU-2020:0123-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MGTC3VP4MCFQ5HPSFYOHMPVGOI32A7EM/", }, { category: "self", summary: "E-Mail link for openSUSE-SU-2020:0123-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MGTC3VP4MCFQ5HPSFYOHMPVGOI32A7EM/", }, { category: "self", summary: "SUSE Bug 1082023", url: "https://bugzilla.suse.com/1082023", }, { category: "self", summary: "SUSE Bug 1149792", url: "https://bugzilla.suse.com/1149792", }, { category: "self", summary: "SUSE Bug 1158785", url: "https://bugzilla.suse.com/1158785", }, { category: "self", summary: "SUSE Bug 1158787", url: "https://bugzilla.suse.com/1158787", }, { category: "self", summary: "SUSE Bug 1158788", url: "https://bugzilla.suse.com/1158788", }, { category: "self", summary: "SUSE Bug 1158789", url: "https://bugzilla.suse.com/1158789", }, { category: "self", summary: "SUSE Bug 1158790", url: "https://bugzilla.suse.com/1158790", }, { category: "self", summary: "SUSE Bug 1158791", url: "https://bugzilla.suse.com/1158791", }, { category: "self", summary: "SUSE Bug 1158792", url: "https://bugzilla.suse.com/1158792", }, { category: "self", summary: "SUSE Bug 1158793", url: "https://bugzilla.suse.com/1158793", }, { category: "self", summary: "SUSE Bug 1158795", url: "https://bugzilla.suse.com/1158795", }, { category: "self", summary: "SUSE CVE CVE-2019-1348 page", url: "https://www.suse.com/security/cve/CVE-2019-1348/", }, { category: "self", summary: "SUSE CVE CVE-2019-1349 page", url: "https://www.suse.com/security/cve/CVE-2019-1349/", }, { category: "self", summary: "SUSE CVE CVE-2019-1350 page", url: "https://www.suse.com/security/cve/CVE-2019-1350/", }, { category: "self", summary: "SUSE CVE CVE-2019-1351 page", url: "https://www.suse.com/security/cve/CVE-2019-1351/", }, { category: "self", summary: "SUSE CVE CVE-2019-1352 page", url: "https://www.suse.com/security/cve/CVE-2019-1352/", }, { category: "self", summary: "SUSE CVE CVE-2019-1353 page", url: "https://www.suse.com/security/cve/CVE-2019-1353/", }, { category: "self", summary: "SUSE CVE CVE-2019-1354 page", url: "https://www.suse.com/security/cve/CVE-2019-1354/", }, { category: "self", summary: "SUSE CVE CVE-2019-1387 page", url: "https://www.suse.com/security/cve/CVE-2019-1387/", }, { category: "self", summary: "SUSE CVE CVE-2019-19604 page", url: "https://www.suse.com/security/cve/CVE-2019-19604/", }, ], title: "Security update for git", tracking: { current_release_date: "2020-01-29T05:11:28Z", generator: { date: "2020-01-29T05:11:28Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2020:0123-1", initial_release_date: "2020-01-29T05:11:28Z", revision_history: [ { date: "2020-01-29T05:11:28Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "git-2.16.4-lp151.4.3.1.i586", product: { name: "git-2.16.4-lp151.4.3.1.i586", product_id: "git-2.16.4-lp151.4.3.1.i586", }, }, { category: "product_version", name: "git-arch-2.16.4-lp151.4.3.1.i586", product: { name: "git-arch-2.16.4-lp151.4.3.1.i586", product_id: "git-arch-2.16.4-lp151.4.3.1.i586", }, }, { category: "product_version", name: "git-core-2.16.4-lp151.4.3.1.i586", product: { name: "git-core-2.16.4-lp151.4.3.1.i586", product_id: "git-core-2.16.4-lp151.4.3.1.i586", }, }, { category: "product_version", name: "git-credential-gnome-keyring-2.16.4-lp151.4.3.1.i586", product: { name: "git-credential-gnome-keyring-2.16.4-lp151.4.3.1.i586", product_id: "git-credential-gnome-keyring-2.16.4-lp151.4.3.1.i586", }, }, { category: "product_version", name: "git-credential-libsecret-2.16.4-lp151.4.3.1.i586", product: { name: "git-credential-libsecret-2.16.4-lp151.4.3.1.i586", product_id: "git-credential-libsecret-2.16.4-lp151.4.3.1.i586", }, }, { category: "product_version", name: "git-cvs-2.16.4-lp151.4.3.1.i586", product: { name: "git-cvs-2.16.4-lp151.4.3.1.i586", product_id: "git-cvs-2.16.4-lp151.4.3.1.i586", }, }, { category: "product_version", name: "git-daemon-2.16.4-lp151.4.3.1.i586", product: { name: "git-daemon-2.16.4-lp151.4.3.1.i586", product_id: "git-daemon-2.16.4-lp151.4.3.1.i586", }, }, { category: "product_version", name: "git-email-2.16.4-lp151.4.3.1.i586", product: { name: "git-email-2.16.4-lp151.4.3.1.i586", product_id: "git-email-2.16.4-lp151.4.3.1.i586", }, }, { category: "product_version", name: "git-gui-2.16.4-lp151.4.3.1.i586", product: { name: "git-gui-2.16.4-lp151.4.3.1.i586", product_id: "git-gui-2.16.4-lp151.4.3.1.i586", }, }, { category: "product_version", name: "git-p4-2.16.4-lp151.4.3.1.i586", product: { name: "git-p4-2.16.4-lp151.4.3.1.i586", product_id: "git-p4-2.16.4-lp151.4.3.1.i586", }, }, { category: "product_version", name: "git-svn-2.16.4-lp151.4.3.1.i586", product: { name: "git-svn-2.16.4-lp151.4.3.1.i586", product_id: "git-svn-2.16.4-lp151.4.3.1.i586", }, }, { category: "product_version", name: "git-web-2.16.4-lp151.4.3.1.i586", product: { name: "git-web-2.16.4-lp151.4.3.1.i586", product_id: "git-web-2.16.4-lp151.4.3.1.i586", }, }, { category: "product_version", name: "gitk-2.16.4-lp151.4.3.1.i586", product: { name: "gitk-2.16.4-lp151.4.3.1.i586", product_id: "gitk-2.16.4-lp151.4.3.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "git-doc-2.16.4-lp151.4.3.1.noarch", product: { name: "git-doc-2.16.4-lp151.4.3.1.noarch", product_id: "git-doc-2.16.4-lp151.4.3.1.noarch", }, }, { category: "product_version", name: "perl-Authen-SASL-2.16-lp151.3.3.1.noarch", product: { name: "perl-Authen-SASL-2.16-lp151.3.3.1.noarch", product_id: "perl-Authen-SASL-2.16-lp151.3.3.1.noarch", }, }, { category: "product_version", name: "perl-Net-SMTP-SSL-1.04-lp151.3.3.1.noarch", product: { name: "perl-Net-SMTP-SSL-1.04-lp151.3.3.1.noarch", product_id: "perl-Net-SMTP-SSL-1.04-lp151.3.3.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "git-2.16.4-lp151.4.3.1.x86_64", product: { name: "git-2.16.4-lp151.4.3.1.x86_64", product_id: "git-2.16.4-lp151.4.3.1.x86_64", }, }, { category: "product_version", name: "git-arch-2.16.4-lp151.4.3.1.x86_64", product: { name: "git-arch-2.16.4-lp151.4.3.1.x86_64", product_id: "git-arch-2.16.4-lp151.4.3.1.x86_64", }, }, { category: "product_version", name: "git-core-2.16.4-lp151.4.3.1.x86_64", product: { name: "git-core-2.16.4-lp151.4.3.1.x86_64", product_id: "git-core-2.16.4-lp151.4.3.1.x86_64", }, }, { category: "product_version", name: "git-credential-gnome-keyring-2.16.4-lp151.4.3.1.x86_64", product: { name: "git-credential-gnome-keyring-2.16.4-lp151.4.3.1.x86_64", product_id: "git-credential-gnome-keyring-2.16.4-lp151.4.3.1.x86_64", }, }, { category: "product_version", name: "git-credential-libsecret-2.16.4-lp151.4.3.1.x86_64", product: { name: "git-credential-libsecret-2.16.4-lp151.4.3.1.x86_64", product_id: "git-credential-libsecret-2.16.4-lp151.4.3.1.x86_64", }, }, { category: "product_version", name: "git-cvs-2.16.4-lp151.4.3.1.x86_64", product: { name: "git-cvs-2.16.4-lp151.4.3.1.x86_64", product_id: "git-cvs-2.16.4-lp151.4.3.1.x86_64", }, }, { category: "product_version", name: "git-daemon-2.16.4-lp151.4.3.1.x86_64", product: { name: "git-daemon-2.16.4-lp151.4.3.1.x86_64", product_id: "git-daemon-2.16.4-lp151.4.3.1.x86_64", }, }, { category: "product_version", name: "git-email-2.16.4-lp151.4.3.1.x86_64", product: { name: "git-email-2.16.4-lp151.4.3.1.x86_64", product_id: "git-email-2.16.4-lp151.4.3.1.x86_64", }, }, { category: "product_version", name: "git-gui-2.16.4-lp151.4.3.1.x86_64", product: { name: "git-gui-2.16.4-lp151.4.3.1.x86_64", product_id: "git-gui-2.16.4-lp151.4.3.1.x86_64", }, }, { category: "product_version", name: "git-p4-2.16.4-lp151.4.3.1.x86_64", product: { name: "git-p4-2.16.4-lp151.4.3.1.x86_64", product_id: "git-p4-2.16.4-lp151.4.3.1.x86_64", }, }, { category: "product_version", name: "git-svn-2.16.4-lp151.4.3.1.x86_64", product: { name: "git-svn-2.16.4-lp151.4.3.1.x86_64", product_id: "git-svn-2.16.4-lp151.4.3.1.x86_64", }, }, { category: "product_version", name: "git-web-2.16.4-lp151.4.3.1.x86_64", product: { name: "git-web-2.16.4-lp151.4.3.1.x86_64", product_id: "git-web-2.16.4-lp151.4.3.1.x86_64", }, }, { category: "product_version", name: "gitk-2.16.4-lp151.4.3.1.x86_64", product: { name: "gitk-2.16.4-lp151.4.3.1.x86_64", product_id: "gitk-2.16.4-lp151.4.3.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Leap 15.1", product: { name: "openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.1", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "git-2.16.4-lp151.4.3.1.i586 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:git-2.16.4-lp151.4.3.1.i586", }, product_reference: "git-2.16.4-lp151.4.3.1.i586", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "git-2.16.4-lp151.4.3.1.x86_64 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:git-2.16.4-lp151.4.3.1.x86_64", }, product_reference: "git-2.16.4-lp151.4.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "git-arch-2.16.4-lp151.4.3.1.i586 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:git-arch-2.16.4-lp151.4.3.1.i586", }, product_reference: "git-arch-2.16.4-lp151.4.3.1.i586", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "git-arch-2.16.4-lp151.4.3.1.x86_64 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:git-arch-2.16.4-lp151.4.3.1.x86_64", }, product_reference: "git-arch-2.16.4-lp151.4.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "git-core-2.16.4-lp151.4.3.1.i586 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:git-core-2.16.4-lp151.4.3.1.i586", }, product_reference: "git-core-2.16.4-lp151.4.3.1.i586", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "git-core-2.16.4-lp151.4.3.1.x86_64 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:git-core-2.16.4-lp151.4.3.1.x86_64", }, product_reference: "git-core-2.16.4-lp151.4.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "git-credential-gnome-keyring-2.16.4-lp151.4.3.1.i586 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:git-credential-gnome-keyring-2.16.4-lp151.4.3.1.i586", }, product_reference: "git-credential-gnome-keyring-2.16.4-lp151.4.3.1.i586", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "git-credential-gnome-keyring-2.16.4-lp151.4.3.1.x86_64 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:git-credential-gnome-keyring-2.16.4-lp151.4.3.1.x86_64", }, product_reference: "git-credential-gnome-keyring-2.16.4-lp151.4.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "git-credential-libsecret-2.16.4-lp151.4.3.1.i586 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:git-credential-libsecret-2.16.4-lp151.4.3.1.i586", }, product_reference: "git-credential-libsecret-2.16.4-lp151.4.3.1.i586", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "git-credential-libsecret-2.16.4-lp151.4.3.1.x86_64 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:git-credential-libsecret-2.16.4-lp151.4.3.1.x86_64", }, product_reference: "git-credential-libsecret-2.16.4-lp151.4.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "git-cvs-2.16.4-lp151.4.3.1.i586 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:git-cvs-2.16.4-lp151.4.3.1.i586", }, product_reference: "git-cvs-2.16.4-lp151.4.3.1.i586", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "git-cvs-2.16.4-lp151.4.3.1.x86_64 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:git-cvs-2.16.4-lp151.4.3.1.x86_64", }, product_reference: "git-cvs-2.16.4-lp151.4.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "git-daemon-2.16.4-lp151.4.3.1.i586 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:git-daemon-2.16.4-lp151.4.3.1.i586", }, product_reference: "git-daemon-2.16.4-lp151.4.3.1.i586", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "git-daemon-2.16.4-lp151.4.3.1.x86_64 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:git-daemon-2.16.4-lp151.4.3.1.x86_64", }, product_reference: "git-daemon-2.16.4-lp151.4.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "git-doc-2.16.4-lp151.4.3.1.noarch as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:git-doc-2.16.4-lp151.4.3.1.noarch", }, product_reference: "git-doc-2.16.4-lp151.4.3.1.noarch", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "git-email-2.16.4-lp151.4.3.1.i586 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:git-email-2.16.4-lp151.4.3.1.i586", }, product_reference: "git-email-2.16.4-lp151.4.3.1.i586", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "git-email-2.16.4-lp151.4.3.1.x86_64 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:git-email-2.16.4-lp151.4.3.1.x86_64", }, product_reference: "git-email-2.16.4-lp151.4.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "git-gui-2.16.4-lp151.4.3.1.i586 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:git-gui-2.16.4-lp151.4.3.1.i586", }, product_reference: "git-gui-2.16.4-lp151.4.3.1.i586", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "git-gui-2.16.4-lp151.4.3.1.x86_64 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:git-gui-2.16.4-lp151.4.3.1.x86_64", }, product_reference: "git-gui-2.16.4-lp151.4.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "git-p4-2.16.4-lp151.4.3.1.i586 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:git-p4-2.16.4-lp151.4.3.1.i586", }, product_reference: "git-p4-2.16.4-lp151.4.3.1.i586", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "git-p4-2.16.4-lp151.4.3.1.x86_64 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:git-p4-2.16.4-lp151.4.3.1.x86_64", }, product_reference: "git-p4-2.16.4-lp151.4.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "git-svn-2.16.4-lp151.4.3.1.i586 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:git-svn-2.16.4-lp151.4.3.1.i586", }, product_reference: "git-svn-2.16.4-lp151.4.3.1.i586", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "git-svn-2.16.4-lp151.4.3.1.x86_64 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:git-svn-2.16.4-lp151.4.3.1.x86_64", }, product_reference: "git-svn-2.16.4-lp151.4.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "git-web-2.16.4-lp151.4.3.1.i586 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:git-web-2.16.4-lp151.4.3.1.i586", }, product_reference: "git-web-2.16.4-lp151.4.3.1.i586", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "git-web-2.16.4-lp151.4.3.1.x86_64 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:git-web-2.16.4-lp151.4.3.1.x86_64", }, product_reference: "git-web-2.16.4-lp151.4.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "gitk-2.16.4-lp151.4.3.1.i586 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:gitk-2.16.4-lp151.4.3.1.i586", }, product_reference: "gitk-2.16.4-lp151.4.3.1.i586", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "gitk-2.16.4-lp151.4.3.1.x86_64 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:gitk-2.16.4-lp151.4.3.1.x86_64", }, product_reference: "gitk-2.16.4-lp151.4.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "perl-Authen-SASL-2.16-lp151.3.3.1.noarch as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:perl-Authen-SASL-2.16-lp151.3.3.1.noarch", }, product_reference: "perl-Authen-SASL-2.16-lp151.3.3.1.noarch", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "perl-Net-SMTP-SSL-1.04-lp151.3.3.1.noarch as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:perl-Net-SMTP-SSL-1.04-lp151.3.3.1.noarch", }, product_reference: "perl-Net-SMTP-SSL-1.04-lp151.3.3.1.noarch", relates_to_product_reference: "openSUSE Leap 15.1", }, ], }, vulnerabilities: [ { cve: "CVE-2019-1348", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-1348", }, ], notes: [ { category: "general", text: "An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:git-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-arch-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-arch-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-core-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-core-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-credential-libsecret-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-cvs-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-daemon-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-doc-2.16.4-lp151.4.3.1.noarch", "openSUSE Leap 15.1:git-email-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-email-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-gui-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-gui-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-p4-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-p4-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-svn-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-svn-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-web-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-web-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:gitk-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:gitk-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:perl-Authen-SASL-2.16-lp151.3.3.1.noarch", "openSUSE Leap 15.1:perl-Net-SMTP-SSL-1.04-lp151.3.3.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2019-1348", url: "https://www.suse.com/security/cve/CVE-2019-1348", }, { category: "external", summary: "SUSE Bug 1158785 for CVE-2019-1348", url: "https://bugzilla.suse.com/1158785", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:git-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-arch-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-arch-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-core-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-core-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-credential-libsecret-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-cvs-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-daemon-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-doc-2.16.4-lp151.4.3.1.noarch", "openSUSE Leap 15.1:git-email-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-email-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-gui-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-gui-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-p4-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-p4-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-svn-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-svn-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-web-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-web-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:gitk-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:gitk-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:perl-Authen-SASL-2.16-lp151.3.3.1.noarch", "openSUSE Leap 15.1:perl-Net-SMTP-SSL-1.04-lp151.3.3.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "openSUSE Leap 15.1:git-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-arch-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-arch-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-core-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-core-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-credential-libsecret-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-cvs-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-daemon-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-doc-2.16.4-lp151.4.3.1.noarch", "openSUSE Leap 15.1:git-email-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-email-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-gui-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-gui-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-p4-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-p4-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-svn-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-svn-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-web-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-web-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:gitk-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:gitk-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:perl-Authen-SASL-2.16-lp151.3.3.1.noarch", "openSUSE Leap 15.1:perl-Net-SMTP-SSL-1.04-lp151.3.3.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-01-29T05:11:28Z", details: "low", }, ], title: "CVE-2019-1348", }, { cve: "CVE-2019-1349", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-1349", }, ], notes: [ { category: "general", text: "A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1350, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:git-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-arch-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-arch-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-core-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-core-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-credential-libsecret-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-cvs-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-daemon-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-doc-2.16.4-lp151.4.3.1.noarch", "openSUSE Leap 15.1:git-email-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-email-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-gui-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-gui-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-p4-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-p4-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-svn-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-svn-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-web-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-web-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:gitk-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:gitk-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:perl-Authen-SASL-2.16-lp151.3.3.1.noarch", "openSUSE Leap 15.1:perl-Net-SMTP-SSL-1.04-lp151.3.3.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2019-1349", url: "https://www.suse.com/security/cve/CVE-2019-1349", }, { category: "external", summary: "SUSE Bug 1158785 for CVE-2019-1349", url: "https://bugzilla.suse.com/1158785", }, { category: "external", summary: "SUSE Bug 1158787 for CVE-2019-1349", url: "https://bugzilla.suse.com/1158787", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:git-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-arch-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-arch-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-core-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-core-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-credential-libsecret-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-cvs-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-daemon-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-doc-2.16.4-lp151.4.3.1.noarch", "openSUSE Leap 15.1:git-email-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-email-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-gui-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-gui-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-p4-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-p4-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-svn-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-svn-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-web-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-web-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:gitk-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:gitk-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:perl-Authen-SASL-2.16-lp151.3.3.1.noarch", "openSUSE Leap 15.1:perl-Net-SMTP-SSL-1.04-lp151.3.3.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.1:git-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-arch-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-arch-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-core-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-core-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-credential-libsecret-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-cvs-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-daemon-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-doc-2.16.4-lp151.4.3.1.noarch", "openSUSE Leap 15.1:git-email-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-email-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-gui-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-gui-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-p4-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-p4-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-svn-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-svn-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-web-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-web-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:gitk-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:gitk-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:perl-Authen-SASL-2.16-lp151.3.3.1.noarch", "openSUSE Leap 15.1:perl-Net-SMTP-SSL-1.04-lp151.3.3.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-01-29T05:11:28Z", details: "critical", }, ], title: "CVE-2019-1349", }, { cve: "CVE-2019-1350", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-1350", }, ], notes: [ { category: "general", text: "A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:git-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-arch-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-arch-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-core-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-core-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-credential-libsecret-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-cvs-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-daemon-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-doc-2.16.4-lp151.4.3.1.noarch", "openSUSE Leap 15.1:git-email-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-email-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-gui-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-gui-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-p4-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-p4-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-svn-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-svn-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-web-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-web-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:gitk-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:gitk-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:perl-Authen-SASL-2.16-lp151.3.3.1.noarch", "openSUSE Leap 15.1:perl-Net-SMTP-SSL-1.04-lp151.3.3.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2019-1350", url: "https://www.suse.com/security/cve/CVE-2019-1350", }, { category: "external", summary: "SUSE Bug 1158785 for CVE-2019-1350", url: "https://bugzilla.suse.com/1158785", }, { category: "external", summary: "SUSE Bug 1158788 for CVE-2019-1350", url: "https://bugzilla.suse.com/1158788", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:git-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-arch-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-arch-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-core-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-core-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-credential-libsecret-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-cvs-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-daemon-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-doc-2.16.4-lp151.4.3.1.noarch", "openSUSE Leap 15.1:git-email-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-email-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-gui-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-gui-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-p4-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-p4-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-svn-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-svn-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-web-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-web-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:gitk-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:gitk-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:perl-Authen-SASL-2.16-lp151.3.3.1.noarch", "openSUSE Leap 15.1:perl-Net-SMTP-SSL-1.04-lp151.3.3.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.1:git-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-arch-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-arch-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-core-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-core-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-credential-libsecret-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-cvs-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-daemon-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-doc-2.16.4-lp151.4.3.1.noarch", "openSUSE Leap 15.1:git-email-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-email-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-gui-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-gui-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-p4-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-p4-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-svn-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-svn-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-web-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-web-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:gitk-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:gitk-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:perl-Authen-SASL-2.16-lp151.3.3.1.noarch", "openSUSE Leap 15.1:perl-Net-SMTP-SSL-1.04-lp151.3.3.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-01-29T05:11:28Z", details: "critical", }, ], title: "CVE-2019-1350", }, { cve: "CVE-2019-1351", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-1351", }, ], notes: [ { category: "general", text: "A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths, aka 'Git for Visual Studio Tampering Vulnerability'.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:git-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-arch-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-arch-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-core-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-core-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-credential-libsecret-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-cvs-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-daemon-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-doc-2.16.4-lp151.4.3.1.noarch", "openSUSE Leap 15.1:git-email-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-email-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-gui-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-gui-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-p4-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-p4-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-svn-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-svn-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-web-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-web-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:gitk-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:gitk-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:perl-Authen-SASL-2.16-lp151.3.3.1.noarch", "openSUSE Leap 15.1:perl-Net-SMTP-SSL-1.04-lp151.3.3.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2019-1351", url: "https://www.suse.com/security/cve/CVE-2019-1351", }, { category: "external", summary: "SUSE Bug 1158785 for CVE-2019-1351", url: "https://bugzilla.suse.com/1158785", }, { category: "external", summary: "SUSE Bug 1158789 for CVE-2019-1351", url: "https://bugzilla.suse.com/1158789", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:git-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-arch-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-arch-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-core-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-core-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-credential-libsecret-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-cvs-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-daemon-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-doc-2.16.4-lp151.4.3.1.noarch", "openSUSE Leap 15.1:git-email-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-email-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-gui-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-gui-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-p4-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-p4-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-svn-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-svn-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-web-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-web-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:gitk-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:gitk-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:perl-Authen-SASL-2.16-lp151.3.3.1.noarch", "openSUSE Leap 15.1:perl-Net-SMTP-SSL-1.04-lp151.3.3.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "openSUSE Leap 15.1:git-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-arch-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-arch-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-core-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-core-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-credential-libsecret-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-cvs-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-daemon-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-doc-2.16.4-lp151.4.3.1.noarch", "openSUSE Leap 15.1:git-email-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-email-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-gui-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-gui-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-p4-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-p4-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-svn-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-svn-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-web-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-web-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:gitk-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:gitk-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:perl-Authen-SASL-2.16-lp151.3.3.1.noarch", "openSUSE Leap 15.1:perl-Net-SMTP-SSL-1.04-lp151.3.3.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-01-29T05:11:28Z", details: "important", }, ], title: "CVE-2019-1351", }, { cve: "CVE-2019-1352", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-1352", }, ], notes: [ { category: "general", text: "A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1354, CVE-2019-1387.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:git-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-arch-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-arch-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-core-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-core-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-credential-libsecret-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-cvs-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-daemon-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-doc-2.16.4-lp151.4.3.1.noarch", "openSUSE Leap 15.1:git-email-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-email-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-gui-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-gui-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-p4-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-p4-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-svn-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-svn-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-web-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-web-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:gitk-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:gitk-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:perl-Authen-SASL-2.16-lp151.3.3.1.noarch", "openSUSE Leap 15.1:perl-Net-SMTP-SSL-1.04-lp151.3.3.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2019-1352", url: "https://www.suse.com/security/cve/CVE-2019-1352", }, { category: "external", summary: "SUSE Bug 1158785 for CVE-2019-1352", url: "https://bugzilla.suse.com/1158785", }, { category: "external", summary: "SUSE Bug 1158787 for CVE-2019-1352", url: "https://bugzilla.suse.com/1158787", }, { category: "external", summary: "SUSE Bug 1158790 for CVE-2019-1352", url: "https://bugzilla.suse.com/1158790", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:git-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-arch-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-arch-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-core-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-core-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-credential-libsecret-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-cvs-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-daemon-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-doc-2.16.4-lp151.4.3.1.noarch", "openSUSE Leap 15.1:git-email-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-email-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-gui-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-gui-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-p4-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-p4-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-svn-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-svn-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-web-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-web-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:gitk-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:gitk-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:perl-Authen-SASL-2.16-lp151.3.3.1.noarch", "openSUSE Leap 15.1:perl-Net-SMTP-SSL-1.04-lp151.3.3.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.1:git-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-arch-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-arch-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-core-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-core-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-credential-libsecret-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-cvs-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-daemon-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-doc-2.16.4-lp151.4.3.1.noarch", "openSUSE Leap 15.1:git-email-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-email-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-gui-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-gui-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-p4-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-p4-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-svn-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-svn-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-web-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-web-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:gitk-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:gitk-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:perl-Authen-SASL-2.16-lp151.3.3.1.noarch", "openSUSE Leap 15.1:perl-Net-SMTP-SSL-1.04-lp151.3.3.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-01-29T05:11:28Z", details: "critical", }, ], title: "CVE-2019-1352", }, { cve: "CVE-2019-1353", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-1353", }, ], notes: [ { category: "general", text: "An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as \"WSL\") while accessing a working directory on a regular Windows drive, none of the NTFS protections were active.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:git-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-arch-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-arch-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-core-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-core-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-credential-libsecret-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-cvs-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-daemon-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-doc-2.16.4-lp151.4.3.1.noarch", "openSUSE Leap 15.1:git-email-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-email-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-gui-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-gui-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-p4-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-p4-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-svn-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-svn-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-web-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-web-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:gitk-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:gitk-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:perl-Authen-SASL-2.16-lp151.3.3.1.noarch", "openSUSE Leap 15.1:perl-Net-SMTP-SSL-1.04-lp151.3.3.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2019-1353", url: "https://www.suse.com/security/cve/CVE-2019-1353", }, { category: "external", summary: "SUSE Bug 1158785 for CVE-2019-1353", url: "https://bugzilla.suse.com/1158785", }, { category: "external", summary: "SUSE Bug 1158791 for CVE-2019-1353", url: "https://bugzilla.suse.com/1158791", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:git-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-arch-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-arch-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-core-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-core-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-credential-libsecret-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-cvs-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-daemon-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-doc-2.16.4-lp151.4.3.1.noarch", "openSUSE Leap 15.1:git-email-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-email-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-gui-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-gui-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-p4-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-p4-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-svn-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-svn-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-web-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-web-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:gitk-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:gitk-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:perl-Authen-SASL-2.16-lp151.3.3.1.noarch", "openSUSE Leap 15.1:perl-Net-SMTP-SSL-1.04-lp151.3.3.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.1:git-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-arch-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-arch-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-core-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-core-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-credential-libsecret-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-cvs-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-daemon-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-doc-2.16.4-lp151.4.3.1.noarch", "openSUSE Leap 15.1:git-email-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-email-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-gui-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-gui-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-p4-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-p4-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-svn-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-svn-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-web-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-web-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:gitk-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:gitk-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:perl-Authen-SASL-2.16-lp151.3.3.1.noarch", "openSUSE Leap 15.1:perl-Net-SMTP-SSL-1.04-lp151.3.3.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-01-29T05:11:28Z", details: "critical", }, ], title: "CVE-2019-1353", }, { cve: "CVE-2019-1354", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-1354", }, ], notes: [ { category: "general", text: "A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1352, CVE-2019-1387.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:git-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-arch-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-arch-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-core-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-core-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-credential-libsecret-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-cvs-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-daemon-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-doc-2.16.4-lp151.4.3.1.noarch", "openSUSE Leap 15.1:git-email-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-email-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-gui-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-gui-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-p4-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-p4-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-svn-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-svn-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-web-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-web-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:gitk-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:gitk-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:perl-Authen-SASL-2.16-lp151.3.3.1.noarch", "openSUSE Leap 15.1:perl-Net-SMTP-SSL-1.04-lp151.3.3.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2019-1354", url: "https://www.suse.com/security/cve/CVE-2019-1354", }, { category: "external", summary: "SUSE Bug 1158785 for CVE-2019-1354", url: "https://bugzilla.suse.com/1158785", }, { category: "external", summary: "SUSE Bug 1158792 for CVE-2019-1354", url: "https://bugzilla.suse.com/1158792", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:git-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-arch-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-arch-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-core-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-core-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-credential-libsecret-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-cvs-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-daemon-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-doc-2.16.4-lp151.4.3.1.noarch", "openSUSE Leap 15.1:git-email-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-email-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-gui-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-gui-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-p4-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-p4-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-svn-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-svn-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-web-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-web-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:gitk-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:gitk-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:perl-Authen-SASL-2.16-lp151.3.3.1.noarch", "openSUSE Leap 15.1:perl-Net-SMTP-SSL-1.04-lp151.3.3.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 0, baseSeverity: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", version: "3.1", }, products: [ "openSUSE Leap 15.1:git-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-arch-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-arch-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-core-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-core-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-credential-libsecret-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-cvs-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-daemon-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-doc-2.16.4-lp151.4.3.1.noarch", "openSUSE Leap 15.1:git-email-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-email-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-gui-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-gui-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-p4-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-p4-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-svn-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-svn-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-web-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-web-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:gitk-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:gitk-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:perl-Authen-SASL-2.16-lp151.3.3.1.noarch", "openSUSE Leap 15.1:perl-Net-SMTP-SSL-1.04-lp151.3.3.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-01-29T05:11:28Z", details: "low", }, ], title: "CVE-2019-1354", }, { cve: "CVE-2019-1387", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-1387", }, ], notes: [ { category: "general", text: "An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:git-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-arch-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-arch-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-core-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-core-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-credential-libsecret-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-cvs-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-daemon-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-doc-2.16.4-lp151.4.3.1.noarch", "openSUSE Leap 15.1:git-email-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-email-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-gui-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-gui-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-p4-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-p4-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-svn-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-svn-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-web-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-web-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:gitk-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:gitk-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:perl-Authen-SASL-2.16-lp151.3.3.1.noarch", "openSUSE Leap 15.1:perl-Net-SMTP-SSL-1.04-lp151.3.3.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2019-1387", url: "https://www.suse.com/security/cve/CVE-2019-1387", }, { category: "external", summary: "SUSE Bug 1158785 for CVE-2019-1387", url: "https://bugzilla.suse.com/1158785", }, { category: "external", summary: "SUSE Bug 1158793 for CVE-2019-1387", url: "https://bugzilla.suse.com/1158793", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:git-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-arch-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-arch-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-core-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-core-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-credential-libsecret-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-cvs-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-daemon-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-doc-2.16.4-lp151.4.3.1.noarch", "openSUSE Leap 15.1:git-email-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-email-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-gui-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-gui-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-p4-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-p4-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-svn-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-svn-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-web-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-web-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:gitk-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:gitk-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:perl-Authen-SASL-2.16-lp151.3.3.1.noarch", "openSUSE Leap 15.1:perl-Net-SMTP-SSL-1.04-lp151.3.3.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.1:git-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-arch-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-arch-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-core-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-core-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-credential-libsecret-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-cvs-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-daemon-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-doc-2.16.4-lp151.4.3.1.noarch", "openSUSE Leap 15.1:git-email-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-email-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-gui-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-gui-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-p4-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-p4-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-svn-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-svn-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-web-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-web-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:gitk-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:gitk-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:perl-Authen-SASL-2.16-lp151.3.3.1.noarch", "openSUSE Leap 15.1:perl-Net-SMTP-SSL-1.04-lp151.3.3.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-01-29T05:11:28Z", details: "important", }, ], title: "CVE-2019-1387", }, { cve: "CVE-2019-19604", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-19604", }, ], notes: [ { category: "general", text: "Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a \"git submodule update\" operation can run commands found in the .gitmodules file of a malicious repository.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:git-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-arch-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-arch-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-core-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-core-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-credential-libsecret-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-cvs-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-daemon-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-doc-2.16.4-lp151.4.3.1.noarch", "openSUSE Leap 15.1:git-email-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-email-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-gui-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-gui-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-p4-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-p4-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-svn-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-svn-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-web-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-web-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:gitk-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:gitk-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:perl-Authen-SASL-2.16-lp151.3.3.1.noarch", "openSUSE Leap 15.1:perl-Net-SMTP-SSL-1.04-lp151.3.3.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2019-19604", url: "https://www.suse.com/security/cve/CVE-2019-19604", }, { category: "external", summary: "SUSE Bug 1158785 for CVE-2019-19604", url: "https://bugzilla.suse.com/1158785", }, { category: "external", summary: "SUSE Bug 1158795 for CVE-2019-19604", url: "https://bugzilla.suse.com/1158795", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:git-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-arch-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-arch-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-core-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-core-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-credential-libsecret-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-cvs-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-daemon-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-doc-2.16.4-lp151.4.3.1.noarch", "openSUSE Leap 15.1:git-email-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-email-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-gui-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-gui-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-p4-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-p4-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-svn-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-svn-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-web-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-web-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:gitk-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:gitk-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:perl-Authen-SASL-2.16-lp151.3.3.1.noarch", "openSUSE Leap 15.1:perl-Net-SMTP-SSL-1.04-lp151.3.3.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.1:git-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-arch-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-arch-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-core-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-core-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-credential-gnome-keyring-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-credential-libsecret-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-credential-libsecret-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-cvs-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-cvs-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-daemon-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-daemon-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-doc-2.16.4-lp151.4.3.1.noarch", "openSUSE Leap 15.1:git-email-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-email-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-gui-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-gui-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-p4-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-p4-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-svn-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-svn-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:git-web-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:git-web-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:gitk-2.16.4-lp151.4.3.1.i586", "openSUSE Leap 15.1:gitk-2.16.4-lp151.4.3.1.x86_64", "openSUSE Leap 15.1:perl-Authen-SASL-2.16-lp151.3.3.1.noarch", "openSUSE Leap 15.1:perl-Net-SMTP-SSL-1.04-lp151.3.3.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-01-29T05:11:28Z", details: "critical", }, ], title: "CVE-2019-19604", }, ], }
fkie_cve-2019-1353
Vulnerability from fkie_nvd
Published
2020-01-24 22:15
Modified
2024-11-21 04:36
Severity ?
Summary
An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as "WSL") while accessing a working directory on a regular Windows drive, none of the NTFS protections were active.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*", matchCriteriaId: "CD0FE176-63B7-4176-8319-80CD3D7C524E", versionEndExcluding: "2.14.6", versionStartIncluding: "2.14.0", vulnerable: true, }, { criteria: "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*", matchCriteriaId: "7FA79B4D-1A29-4520-ACF7-BBD5B2696ABA", versionEndExcluding: "2.15.4", versionStartIncluding: "2.15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*", matchCriteriaId: "DB018182-B15F-47BC-85FA-6847BB37844A", versionEndExcluding: "2.16.6", versionStartIncluding: "2.16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*", matchCriteriaId: "19CF821B-9ECC-4F6C-B0BC-7361370776C5", versionEndExcluding: "2.17.3", versionStartIncluding: "2.17.0", vulnerable: true, }, { criteria: "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*", matchCriteriaId: "84278A89-0D1B-4CFD-9B31-68D8D7327E65", versionEndExcluding: "2.18.2", versionStartIncluding: "2.18.0", vulnerable: true, }, { criteria: "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*", matchCriteriaId: "7B4FA857-692C-4C00-A170-1F31E6D9563E", versionEndExcluding: "2.19.3", versionStartIncluding: "2.19.0", vulnerable: true, }, { criteria: "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*", matchCriteriaId: "BD4C8899-C9E7-4DFC-BE17-D5D67B9B5FFB", versionEndExcluding: "2.20.2", versionStartIncluding: "2.20.0", vulnerable: true, }, { criteria: "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*", matchCriteriaId: "4392299F-8DFB-4ADF-BAA8-4415D459E8EE", versionEndExcluding: "2.21.1", versionStartIncluding: "2.21.0", vulnerable: true, }, { criteria: "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*", matchCriteriaId: "025C10E9-40A6-408C-AE2C-5FC55E788775", versionEndExcluding: "2.22.2", versionStartIncluding: "2.22.0", vulnerable: true, }, { criteria: "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*", matchCriteriaId: "C9073ABE-276B-4301-B39C-B9BB6C1AA681", versionEndExcluding: "2.23.1", versionStartIncluding: "2.23.0", vulnerable: true, }, { criteria: "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*", matchCriteriaId: "B6D58347-1CE3-4AEA-9617-2F46CCBE167E", versionEndExcluding: "2.24.1", versionStartIncluding: "2.24.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as \"WSL\") while accessing a working directory on a regular Windows drive, none of the NTFS protections were active.", }, { lang: "es", value: "El controlador IEC870IP para Vijeo Citect y Citect SCADA de AVENA y Power SCADA Operation de Schneider Electric, presenta una vulnerabilidad de desbordamiento de búfer que podría resultar en un bloqueo del lado del servidor.", }, ], id: "CVE-2019-1353", lastModified: "2024-11-21T04:36:32.663", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-01-24T22:15:19.253", references: [ { source: "secure@microsoft.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html", }, { source: "secure@microsoft.com", url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html", }, { source: "secure@microsoft.com", url: "https://lore.kernel.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/T/#u", }, { source: "secure@microsoft.com", url: "https://public-inbox.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/", }, { source: "secure@microsoft.com", url: "https://security.gentoo.org/glsa/202003-30", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lore.kernel.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/T/#u", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://public-inbox.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202003-30", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
suse-su-2019:3311-1
Vulnerability from csaf_suse
Published
2019-12-16 13:55
Modified
2019-12-16 13:55
Summary
Security update for git
Notes
Title of the patch
Security update for git
Description of the patch
This update for git fixes the following issues:
Security issues fixed:
- CVE-2019-1349: Fixed issue on Windows, when submodules are cloned recursively, under certain circumstances Git could be fooled into using the same Git directory twice (bsc#1158787).
- CVE-2019-19604: Fixed a recursive clone followed by a submodule update could execute code contained within the repository without the user explicitly having asked for that (bsc#1158795).
- CVE-2019-1387: Fixed recursive clones that are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones (bsc#1158793).
- CVE-2019-1354: Fixed issue on Windows that refuses to write tracked files with filenames that contain backslashes (bsc#1158792).
- CVE-2019-1353: Fixed issue when run in the Windows Subsystem for Linux while accessing a working directory on a regular Windows drive, none of the NTFS protections were active (bsc#1158791).
- CVE-2019-1352: Fixed issue on Windows was unaware of NTFS Alternate Data Streams (bsc#1158790).
- CVE-2019-1351: Fixed issue on Windows mistakes drive letters outside of the US-English alphabet as relative paths (bsc#1158789).
- CVE-2019-1350: Fixed incorrect quoting of command-line arguments allowed remote code execution during a recursive clone in conjunction with SSH URLs (bsc#1158788).
- CVE-2019-1348: Fixed the --export-marks option of fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths (bsc#1158785).
- Fixed an issue where git send-email fails to authenticate with SMTP server (bsc#1082023)
Patchnames
HPE-Helion-OpenStack-8-2019-3311,SUSE-2019-3311,SUSE-OpenStack-Cloud-7-2019-3311,SUSE-OpenStack-Cloud-8-2019-3311,SUSE-SLE-SAP-12-SP2-2019-3311,SUSE-SLE-SAP-12-SP3-2019-3311,SUSE-SLE-SDK-12-SP4-2019-3311,SUSE-SLE-SDK-12-SP5-2019-3311,SUSE-SLE-SERVER-12-SP1-2019-3311,SUSE-SLE-SERVER-12-SP2-2019-3311,SUSE-SLE-SERVER-12-SP2-BCL-2019-3311,SUSE-SLE-SERVER-12-SP3-2019-3311,SUSE-SLE-SERVER-12-SP3-BCL-2019-3311,SUSE-SLE-SERVER-12-SP4-2019-3311,SUSE-SLE-SERVER-12-SP5-2019-3311,SUSE-Storage-5-2019-3311
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for git", title: "Title of the patch", }, { category: "description", text: "This update for git fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-1349: Fixed issue on Windows, when submodules are cloned recursively, under certain circumstances Git could be fooled into using the same Git directory twice (bsc#1158787).\n- CVE-2019-19604: Fixed a recursive clone followed by a submodule update could execute code contained within the repository without the user explicitly having asked for that (bsc#1158795).\n- CVE-2019-1387: Fixed recursive clones that are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones (bsc#1158793).\n- CVE-2019-1354: Fixed issue on Windows that refuses to write tracked files with filenames that contain backslashes (bsc#1158792).\n- CVE-2019-1353: Fixed issue when run in the Windows Subsystem for Linux while accessing a working directory on a regular Windows drive, none of the NTFS protections were active (bsc#1158791).\n- CVE-2019-1352: Fixed issue on Windows was unaware of NTFS Alternate Data Streams (bsc#1158790).\n- CVE-2019-1351: Fixed issue on Windows mistakes drive letters outside of the US-English alphabet as relative paths (bsc#1158789).\n- CVE-2019-1350: Fixed incorrect quoting of command-line arguments allowed remote code execution during a recursive clone in conjunction with SSH URLs (bsc#1158788).\n- CVE-2019-1348: Fixed the --export-marks option of fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths (bsc#1158785).\n- Fixed an issue where git send-email fails to authenticate with SMTP server (bsc#1082023)\n", title: "Description of the patch", }, { category: "details", text: "HPE-Helion-OpenStack-8-2019-3311,SUSE-2019-3311,SUSE-OpenStack-Cloud-7-2019-3311,SUSE-OpenStack-Cloud-8-2019-3311,SUSE-SLE-SAP-12-SP2-2019-3311,SUSE-SLE-SAP-12-SP3-2019-3311,SUSE-SLE-SDK-12-SP4-2019-3311,SUSE-SLE-SDK-12-SP5-2019-3311,SUSE-SLE-SERVER-12-SP1-2019-3311,SUSE-SLE-SERVER-12-SP2-2019-3311,SUSE-SLE-SERVER-12-SP2-BCL-2019-3311,SUSE-SLE-SERVER-12-SP3-2019-3311,SUSE-SLE-SERVER-12-SP3-BCL-2019-3311,SUSE-SLE-SERVER-12-SP4-2019-3311,SUSE-SLE-SERVER-12-SP5-2019-3311,SUSE-Storage-5-2019-3311", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_3311-1.json", }, { category: "self", summary: "URL for SUSE-SU-2019:3311-1", url: "https://www.suse.com/support/update/announcement/2019/suse-su-20193311-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2019:3311-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2019-December/006258.html", }, { category: "self", summary: "SUSE Bug 1082023", url: "https://bugzilla.suse.com/1082023", }, { category: "self", summary: "SUSE Bug 1158785", url: "https://bugzilla.suse.com/1158785", }, { category: "self", summary: "SUSE Bug 1158787", url: "https://bugzilla.suse.com/1158787", }, { category: "self", summary: "SUSE Bug 1158788", url: "https://bugzilla.suse.com/1158788", }, { category: "self", summary: "SUSE Bug 1158789", url: "https://bugzilla.suse.com/1158789", }, { category: "self", summary: "SUSE Bug 1158790", url: "https://bugzilla.suse.com/1158790", }, { category: "self", summary: "SUSE Bug 1158791", url: "https://bugzilla.suse.com/1158791", }, { category: "self", summary: "SUSE Bug 1158792", url: "https://bugzilla.suse.com/1158792", }, { category: "self", summary: "SUSE Bug 1158793", url: "https://bugzilla.suse.com/1158793", }, { category: "self", summary: "SUSE Bug 1158795", url: "https://bugzilla.suse.com/1158795", }, { category: "self", summary: "SUSE CVE CVE-2019-1348 page", url: "https://www.suse.com/security/cve/CVE-2019-1348/", }, { category: "self", summary: "SUSE CVE CVE-2019-1349 page", url: "https://www.suse.com/security/cve/CVE-2019-1349/", }, { category: "self", summary: "SUSE CVE CVE-2019-1350 page", url: "https://www.suse.com/security/cve/CVE-2019-1350/", }, { category: "self", summary: "SUSE CVE CVE-2019-1351 page", url: "https://www.suse.com/security/cve/CVE-2019-1351/", }, { category: "self", summary: "SUSE CVE CVE-2019-1352 page", url: "https://www.suse.com/security/cve/CVE-2019-1352/", }, { category: "self", summary: "SUSE CVE CVE-2019-1353 page", url: "https://www.suse.com/security/cve/CVE-2019-1353/", }, { category: "self", summary: "SUSE CVE CVE-2019-1354 page", url: "https://www.suse.com/security/cve/CVE-2019-1354/", }, { category: "self", summary: "SUSE CVE CVE-2019-1387 page", url: "https://www.suse.com/security/cve/CVE-2019-1387/", }, { category: "self", summary: "SUSE CVE CVE-2019-19604 page", url: "https://www.suse.com/security/cve/CVE-2019-19604/", }, ], title: "Security update for git", tracking: { current_release_date: "2019-12-16T13:55:39Z", generator: { date: "2019-12-16T13:55:39Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2019:3311-1", initial_release_date: "2019-12-16T13:55:39Z", revision_history: [ { date: "2019-12-16T13:55:39Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "git-2.12.3-27.22.1.aarch64", product: { name: "git-2.12.3-27.22.1.aarch64", product_id: "git-2.12.3-27.22.1.aarch64", }, }, { category: "product_version", name: "git-arch-2.12.3-27.22.1.aarch64", product: { name: "git-arch-2.12.3-27.22.1.aarch64", product_id: "git-arch-2.12.3-27.22.1.aarch64", }, }, { category: "product_version", name: "git-core-2.12.3-27.22.1.aarch64", product: { name: "git-core-2.12.3-27.22.1.aarch64", product_id: "git-core-2.12.3-27.22.1.aarch64", }, }, { category: "product_version", name: "git-credential-gnome-keyring-2.12.3-27.22.1.aarch64", product: { name: "git-credential-gnome-keyring-2.12.3-27.22.1.aarch64", product_id: "git-credential-gnome-keyring-2.12.3-27.22.1.aarch64", }, }, { category: "product_version", name: "git-cvs-2.12.3-27.22.1.aarch64", product: { name: "git-cvs-2.12.3-27.22.1.aarch64", product_id: "git-cvs-2.12.3-27.22.1.aarch64", }, }, { category: "product_version", name: "git-daemon-2.12.3-27.22.1.aarch64", product: { name: "git-daemon-2.12.3-27.22.1.aarch64", product_id: "git-daemon-2.12.3-27.22.1.aarch64", }, }, { category: "product_version", name: "git-email-2.12.3-27.22.1.aarch64", product: { name: "git-email-2.12.3-27.22.1.aarch64", product_id: "git-email-2.12.3-27.22.1.aarch64", }, }, { category: "product_version", name: "git-gui-2.12.3-27.22.1.aarch64", product: { name: "git-gui-2.12.3-27.22.1.aarch64", product_id: "git-gui-2.12.3-27.22.1.aarch64", }, }, { category: "product_version", name: "git-svn-2.12.3-27.22.1.aarch64", product: { name: "git-svn-2.12.3-27.22.1.aarch64", product_id: "git-svn-2.12.3-27.22.1.aarch64", }, }, { category: "product_version", name: "git-web-2.12.3-27.22.1.aarch64", product: { name: "git-web-2.12.3-27.22.1.aarch64", product_id: "git-web-2.12.3-27.22.1.aarch64", }, }, { category: "product_version", name: "gitk-2.12.3-27.22.1.aarch64", product: { name: "gitk-2.12.3-27.22.1.aarch64", product_id: "gitk-2.12.3-27.22.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "git-2.12.3-27.22.1.i586", product: { name: "git-2.12.3-27.22.1.i586", product_id: "git-2.12.3-27.22.1.i586", }, }, { category: "product_version", name: "git-arch-2.12.3-27.22.1.i586", product: { name: "git-arch-2.12.3-27.22.1.i586", product_id: "git-arch-2.12.3-27.22.1.i586", }, }, { category: "product_version", name: "git-core-2.12.3-27.22.1.i586", product: { name: "git-core-2.12.3-27.22.1.i586", product_id: "git-core-2.12.3-27.22.1.i586", }, }, { category: "product_version", name: "git-credential-gnome-keyring-2.12.3-27.22.1.i586", product: { name: "git-credential-gnome-keyring-2.12.3-27.22.1.i586", product_id: "git-credential-gnome-keyring-2.12.3-27.22.1.i586", }, }, { category: "product_version", name: "git-cvs-2.12.3-27.22.1.i586", product: { name: "git-cvs-2.12.3-27.22.1.i586", product_id: "git-cvs-2.12.3-27.22.1.i586", }, }, { category: "product_version", name: "git-daemon-2.12.3-27.22.1.i586", product: { name: "git-daemon-2.12.3-27.22.1.i586", product_id: "git-daemon-2.12.3-27.22.1.i586", }, }, { category: "product_version", name: "git-email-2.12.3-27.22.1.i586", product: { name: "git-email-2.12.3-27.22.1.i586", product_id: "git-email-2.12.3-27.22.1.i586", }, }, { category: "product_version", name: "git-gui-2.12.3-27.22.1.i586", product: { name: "git-gui-2.12.3-27.22.1.i586", product_id: "git-gui-2.12.3-27.22.1.i586", }, }, { category: "product_version", name: "git-svn-2.12.3-27.22.1.i586", product: { name: "git-svn-2.12.3-27.22.1.i586", product_id: "git-svn-2.12.3-27.22.1.i586", }, }, { category: "product_version", name: "git-web-2.12.3-27.22.1.i586", product: { name: "git-web-2.12.3-27.22.1.i586", product_id: "git-web-2.12.3-27.22.1.i586", }, }, { category: "product_version", name: "gitk-2.12.3-27.22.1.i586", product: { name: "gitk-2.12.3-27.22.1.i586", product_id: "gitk-2.12.3-27.22.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "git-doc-2.12.3-27.22.1.noarch", product: { name: "git-doc-2.12.3-27.22.1.noarch", product_id: "git-doc-2.12.3-27.22.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "git-2.12.3-27.22.1.ppc64le", product: { name: "git-2.12.3-27.22.1.ppc64le", product_id: "git-2.12.3-27.22.1.ppc64le", }, }, { category: "product_version", name: "git-arch-2.12.3-27.22.1.ppc64le", product: { name: "git-arch-2.12.3-27.22.1.ppc64le", product_id: "git-arch-2.12.3-27.22.1.ppc64le", }, }, { category: "product_version", name: "git-core-2.12.3-27.22.1.ppc64le", product: { name: "git-core-2.12.3-27.22.1.ppc64le", product_id: "git-core-2.12.3-27.22.1.ppc64le", }, }, { category: "product_version", name: "git-credential-gnome-keyring-2.12.3-27.22.1.ppc64le", product: { name: "git-credential-gnome-keyring-2.12.3-27.22.1.ppc64le", product_id: "git-credential-gnome-keyring-2.12.3-27.22.1.ppc64le", }, }, { category: "product_version", name: "git-cvs-2.12.3-27.22.1.ppc64le", product: { name: "git-cvs-2.12.3-27.22.1.ppc64le", product_id: "git-cvs-2.12.3-27.22.1.ppc64le", }, }, { category: "product_version", name: "git-daemon-2.12.3-27.22.1.ppc64le", product: { name: "git-daemon-2.12.3-27.22.1.ppc64le", product_id: "git-daemon-2.12.3-27.22.1.ppc64le", }, }, { category: "product_version", name: "git-email-2.12.3-27.22.1.ppc64le", product: { name: "git-email-2.12.3-27.22.1.ppc64le", product_id: "git-email-2.12.3-27.22.1.ppc64le", }, }, { category: "product_version", name: "git-gui-2.12.3-27.22.1.ppc64le", product: { name: "git-gui-2.12.3-27.22.1.ppc64le", product_id: "git-gui-2.12.3-27.22.1.ppc64le", }, }, { category: "product_version", name: "git-svn-2.12.3-27.22.1.ppc64le", product: { name: "git-svn-2.12.3-27.22.1.ppc64le", product_id: "git-svn-2.12.3-27.22.1.ppc64le", }, }, { category: "product_version", name: "git-web-2.12.3-27.22.1.ppc64le", product: { name: "git-web-2.12.3-27.22.1.ppc64le", product_id: "git-web-2.12.3-27.22.1.ppc64le", }, }, { category: "product_version", name: "gitk-2.12.3-27.22.1.ppc64le", product: { name: "gitk-2.12.3-27.22.1.ppc64le", product_id: "gitk-2.12.3-27.22.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "git-2.12.3-27.22.1.s390", product: { name: "git-2.12.3-27.22.1.s390", product_id: "git-2.12.3-27.22.1.s390", }, }, { category: "product_version", name: "git-arch-2.12.3-27.22.1.s390", product: { name: "git-arch-2.12.3-27.22.1.s390", product_id: "git-arch-2.12.3-27.22.1.s390", }, }, { category: "product_version", name: "git-core-2.12.3-27.22.1.s390", product: { name: "git-core-2.12.3-27.22.1.s390", product_id: "git-core-2.12.3-27.22.1.s390", }, }, { category: "product_version", name: "git-credential-gnome-keyring-2.12.3-27.22.1.s390", product: { name: "git-credential-gnome-keyring-2.12.3-27.22.1.s390", product_id: "git-credential-gnome-keyring-2.12.3-27.22.1.s390", }, }, { category: "product_version", name: "git-cvs-2.12.3-27.22.1.s390", product: { name: "git-cvs-2.12.3-27.22.1.s390", product_id: "git-cvs-2.12.3-27.22.1.s390", }, }, { category: "product_version", name: "git-daemon-2.12.3-27.22.1.s390", product: { name: "git-daemon-2.12.3-27.22.1.s390", product_id: "git-daemon-2.12.3-27.22.1.s390", }, }, { category: "product_version", name: "git-email-2.12.3-27.22.1.s390", product: { name: "git-email-2.12.3-27.22.1.s390", product_id: "git-email-2.12.3-27.22.1.s390", }, }, { category: "product_version", name: "git-gui-2.12.3-27.22.1.s390", product: { name: "git-gui-2.12.3-27.22.1.s390", product_id: "git-gui-2.12.3-27.22.1.s390", }, }, { category: "product_version", name: "git-svn-2.12.3-27.22.1.s390", product: { name: "git-svn-2.12.3-27.22.1.s390", product_id: "git-svn-2.12.3-27.22.1.s390", }, }, { category: "product_version", name: "git-web-2.12.3-27.22.1.s390", product: { name: "git-web-2.12.3-27.22.1.s390", product_id: "git-web-2.12.3-27.22.1.s390", }, }, { category: "product_version", name: "gitk-2.12.3-27.22.1.s390", product: { name: "gitk-2.12.3-27.22.1.s390", product_id: "gitk-2.12.3-27.22.1.s390", }, }, ], category: "architecture", name: "s390", }, { branches: [ { category: "product_version", name: "git-2.12.3-27.22.1.s390x", product: { name: "git-2.12.3-27.22.1.s390x", product_id: "git-2.12.3-27.22.1.s390x", }, }, { category: "product_version", name: "git-arch-2.12.3-27.22.1.s390x", product: { name: "git-arch-2.12.3-27.22.1.s390x", product_id: "git-arch-2.12.3-27.22.1.s390x", }, }, { category: "product_version", name: "git-core-2.12.3-27.22.1.s390x", product: { name: "git-core-2.12.3-27.22.1.s390x", product_id: "git-core-2.12.3-27.22.1.s390x", }, }, { category: "product_version", name: "git-credential-gnome-keyring-2.12.3-27.22.1.s390x", product: { name: "git-credential-gnome-keyring-2.12.3-27.22.1.s390x", product_id: "git-credential-gnome-keyring-2.12.3-27.22.1.s390x", }, }, { category: "product_version", name: "git-cvs-2.12.3-27.22.1.s390x", product: { name: "git-cvs-2.12.3-27.22.1.s390x", product_id: "git-cvs-2.12.3-27.22.1.s390x", }, }, { category: "product_version", name: "git-daemon-2.12.3-27.22.1.s390x", product: { name: "git-daemon-2.12.3-27.22.1.s390x", product_id: "git-daemon-2.12.3-27.22.1.s390x", }, }, { category: "product_version", name: "git-email-2.12.3-27.22.1.s390x", product: { name: "git-email-2.12.3-27.22.1.s390x", product_id: "git-email-2.12.3-27.22.1.s390x", }, }, { category: "product_version", name: "git-gui-2.12.3-27.22.1.s390x", product: { name: "git-gui-2.12.3-27.22.1.s390x", product_id: "git-gui-2.12.3-27.22.1.s390x", }, }, { category: "product_version", name: "git-svn-2.12.3-27.22.1.s390x", product: { name: "git-svn-2.12.3-27.22.1.s390x", product_id: "git-svn-2.12.3-27.22.1.s390x", }, }, { category: "product_version", name: "git-web-2.12.3-27.22.1.s390x", product: { name: "git-web-2.12.3-27.22.1.s390x", product_id: "git-web-2.12.3-27.22.1.s390x", }, }, { category: "product_version", name: "gitk-2.12.3-27.22.1.s390x", product: { name: "gitk-2.12.3-27.22.1.s390x", product_id: "gitk-2.12.3-27.22.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "git-2.12.3-27.22.1.x86_64", product: { name: "git-2.12.3-27.22.1.x86_64", product_id: "git-2.12.3-27.22.1.x86_64", }, }, { category: "product_version", name: "git-arch-2.12.3-27.22.1.x86_64", product: { name: "git-arch-2.12.3-27.22.1.x86_64", product_id: "git-arch-2.12.3-27.22.1.x86_64", }, }, { category: "product_version", name: "git-core-2.12.3-27.22.1.x86_64", product: { name: "git-core-2.12.3-27.22.1.x86_64", product_id: "git-core-2.12.3-27.22.1.x86_64", }, }, { category: "product_version", name: "git-credential-gnome-keyring-2.12.3-27.22.1.x86_64", product: { name: "git-credential-gnome-keyring-2.12.3-27.22.1.x86_64", product_id: "git-credential-gnome-keyring-2.12.3-27.22.1.x86_64", }, }, { category: "product_version", name: "git-cvs-2.12.3-27.22.1.x86_64", product: { name: "git-cvs-2.12.3-27.22.1.x86_64", product_id: "git-cvs-2.12.3-27.22.1.x86_64", }, }, { category: "product_version", name: "git-daemon-2.12.3-27.22.1.x86_64", product: { name: "git-daemon-2.12.3-27.22.1.x86_64", product_id: "git-daemon-2.12.3-27.22.1.x86_64", }, }, { category: "product_version", name: "git-email-2.12.3-27.22.1.x86_64", product: { name: "git-email-2.12.3-27.22.1.x86_64", product_id: "git-email-2.12.3-27.22.1.x86_64", }, }, { category: "product_version", name: "git-gui-2.12.3-27.22.1.x86_64", product: { name: "git-gui-2.12.3-27.22.1.x86_64", product_id: "git-gui-2.12.3-27.22.1.x86_64", }, }, { category: "product_version", name: "git-svn-2.12.3-27.22.1.x86_64", product: { name: "git-svn-2.12.3-27.22.1.x86_64", product_id: "git-svn-2.12.3-27.22.1.x86_64", }, }, { category: "product_version", name: "git-web-2.12.3-27.22.1.x86_64", product: { name: "git-web-2.12.3-27.22.1.x86_64", product_id: "git-web-2.12.3-27.22.1.x86_64", }, }, { category: "product_version", name: "gitk-2.12.3-27.22.1.x86_64", product: { name: "gitk-2.12.3-27.22.1.x86_64", product_id: "gitk-2.12.3-27.22.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "HPE Helion OpenStack 8", product: { name: "HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8", product_identification_helper: { cpe: "cpe:/o:suse:hpe-helion-openstack:8", }, }, }, { category: "product_name", name: "SUSE OpenStack Cloud 7", product: { name: "SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7", product_identification_helper: { cpe: "cpe:/o:suse:suse-openstack-cloud:7", }, }, }, { category: "product_name", name: "SUSE OpenStack Cloud 8", product: { name: "SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8", product_identification_helper: { cpe: "cpe:/o:suse:suse-openstack-cloud:8", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", product: { name: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:12:sp2", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", product: { name: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:12:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Software Development Kit 12 SP4", product: { name: "SUSE Linux Enterprise Software Development Kit 12 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP4", product_identification_helper: { cpe: "cpe:/o:suse:sle-sdk:12:sp4", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Software Development Kit 12 SP5", product: { name: "SUSE Linux Enterprise Software Development Kit 12 SP5", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP5", product_identification_helper: { cpe: "cpe:/o:suse:sle-sdk:12:sp5", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP1-LTSS", product: { name: "SUSE Linux Enterprise Server 12 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP1-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sles-ltss:12:sp1", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP2-LTSS", product: { name: "SUSE Linux Enterprise Server 12 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP2-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sles-ltss:12:sp2", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP2-BCL", product: { name: "SUSE Linux Enterprise Server 12 SP2-BCL", product_id: "SUSE Linux Enterprise Server 12 SP2-BCL", product_identification_helper: { cpe: "cpe:/o:suse:sles-bcl:12:sp2", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP3-LTSS", product: { name: "SUSE Linux Enterprise Server 12 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP3-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sles-ltss:12:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP3-BCL", product: { name: "SUSE Linux Enterprise Server 12 SP3-BCL", product_id: "SUSE Linux Enterprise Server 12 SP3-BCL", product_identification_helper: { cpe: "cpe:/o:suse:sles-bcl:12:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP4", product: { name: "SUSE Linux Enterprise Server 12 SP4", product_id: "SUSE Linux Enterprise Server 12 SP4", product_identification_helper: { cpe: "cpe:/o:suse:sles:12:sp4", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", product: { name: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:12:sp4", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP5", product: { name: "SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5", product_identification_helper: { cpe: "cpe:/o:suse:sles:12:sp5", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", product: { name: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:12:sp5", }, }, }, { category: "product_name", name: "SUSE Enterprise Storage 5", product: { name: "SUSE Enterprise Storage 5", product_id: "SUSE Enterprise Storage 5", product_identification_helper: { cpe: "cpe:/o:suse:ses:5", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "git-2.12.3-27.22.1.x86_64 as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:git-2.12.3-27.22.1.x86_64", }, product_reference: "git-2.12.3-27.22.1.x86_64", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "git-core-2.12.3-27.22.1.s390x as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:git-core-2.12.3-27.22.1.s390x", }, product_reference: "git-core-2.12.3-27.22.1.s390x", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "git-core-2.12.3-27.22.1.x86_64 as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:git-core-2.12.3-27.22.1.x86_64", }, product_reference: "git-core-2.12.3-27.22.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "git-doc-2.12.3-27.22.1.noarch as component of SUSE OpenStack Cloud 7", product_id: "SUSE OpenStack Cloud 7:git-doc-2.12.3-27.22.1.noarch", }, product_reference: "git-doc-2.12.3-27.22.1.noarch", relates_to_product_reference: "SUSE OpenStack Cloud 7", }, { category: "default_component_of", full_product_name: { name: "git-2.12.3-27.22.1.x86_64 as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:git-2.12.3-27.22.1.x86_64", }, product_reference: "git-2.12.3-27.22.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "git-core-2.12.3-27.22.1.x86_64 as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:git-core-2.12.3-27.22.1.x86_64", }, product_reference: "git-core-2.12.3-27.22.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "git-core-2.12.3-27.22.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.22.1.ppc64le", }, product_reference: "git-core-2.12.3-27.22.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, { category: "default_component_of", full_product_name: { name: "git-core-2.12.3-27.22.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.22.1.x86_64", }, product_reference: "git-core-2.12.3-27.22.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, { category: "default_component_of", full_product_name: { name: "git-doc-2.12.3-27.22.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-doc-2.12.3-27.22.1.noarch", }, product_reference: "git-doc-2.12.3-27.22.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, { category: "default_component_of", full_product_name: { name: "git-core-2.12.3-27.22.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.22.1.ppc64le", }, product_reference: "git-core-2.12.3-27.22.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", }, { category: "default_component_of", full_product_name: { name: "git-core-2.12.3-27.22.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.22.1.x86_64", }, product_reference: "git-core-2.12.3-27.22.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", }, { category: "default_component_of", full_product_name: { name: "git-2.12.3-27.22.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.aarch64", }, product_reference: "git-2.12.3-27.22.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP4", }, { category: "default_component_of", full_product_name: { name: "git-2.12.3-27.22.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.ppc64le", }, product_reference: "git-2.12.3-27.22.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP4", }, { category: "default_component_of", full_product_name: { name: "git-2.12.3-27.22.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.s390x", }, product_reference: "git-2.12.3-27.22.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP4", }, { category: "default_component_of", full_product_name: { name: "git-2.12.3-27.22.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.x86_64", }, product_reference: "git-2.12.3-27.22.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP4", }, { category: "default_component_of", full_product_name: { name: "git-arch-2.12.3-27.22.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.aarch64", }, product_reference: "git-arch-2.12.3-27.22.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP4", }, { category: "default_component_of", full_product_name: { name: "git-arch-2.12.3-27.22.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.ppc64le", }, product_reference: "git-arch-2.12.3-27.22.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP4", }, { category: "default_component_of", full_product_name: { name: "git-arch-2.12.3-27.22.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.s390x", }, product_reference: "git-arch-2.12.3-27.22.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP4", }, { category: "default_component_of", full_product_name: { name: "git-arch-2.12.3-27.22.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.x86_64", }, product_reference: "git-arch-2.12.3-27.22.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP4", }, { category: "default_component_of", full_product_name: { name: "git-core-2.12.3-27.22.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.aarch64", }, product_reference: "git-core-2.12.3-27.22.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP4", }, { category: "default_component_of", full_product_name: { name: "git-core-2.12.3-27.22.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.ppc64le", }, product_reference: "git-core-2.12.3-27.22.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP4", }, { category: "default_component_of", full_product_name: { name: "git-core-2.12.3-27.22.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.s390x", }, product_reference: "git-core-2.12.3-27.22.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP4", }, { category: "default_component_of", full_product_name: { name: "git-core-2.12.3-27.22.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.x86_64", }, product_reference: "git-core-2.12.3-27.22.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP4", }, { category: "default_component_of", full_product_name: { name: "git-cvs-2.12.3-27.22.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.aarch64", }, product_reference: "git-cvs-2.12.3-27.22.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP4", }, { category: "default_component_of", full_product_name: { name: "git-cvs-2.12.3-27.22.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.ppc64le", }, product_reference: "git-cvs-2.12.3-27.22.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP4", }, { category: "default_component_of", full_product_name: { name: "git-cvs-2.12.3-27.22.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.s390x", }, product_reference: "git-cvs-2.12.3-27.22.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP4", }, { category: "default_component_of", full_product_name: { name: "git-cvs-2.12.3-27.22.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.x86_64", }, product_reference: "git-cvs-2.12.3-27.22.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP4", }, { category: "default_component_of", full_product_name: { name: "git-daemon-2.12.3-27.22.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.aarch64", }, product_reference: "git-daemon-2.12.3-27.22.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP4", }, { category: "default_component_of", full_product_name: { name: "git-daemon-2.12.3-27.22.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.ppc64le", }, product_reference: "git-daemon-2.12.3-27.22.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP4", }, { category: "default_component_of", full_product_name: { name: "git-daemon-2.12.3-27.22.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.s390x", }, product_reference: "git-daemon-2.12.3-27.22.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP4", }, { category: "default_component_of", full_product_name: { name: "git-daemon-2.12.3-27.22.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.x86_64", }, product_reference: "git-daemon-2.12.3-27.22.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP4", }, { category: "default_component_of", full_product_name: { name: "git-doc-2.12.3-27.22.1.noarch as component of SUSE Linux Enterprise Software Development Kit 12 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP4:git-doc-2.12.3-27.22.1.noarch", }, product_reference: "git-doc-2.12.3-27.22.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP4", }, { category: "default_component_of", full_product_name: { name: "git-email-2.12.3-27.22.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.aarch64", }, product_reference: "git-email-2.12.3-27.22.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP4", }, { category: "default_component_of", full_product_name: { name: "git-email-2.12.3-27.22.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.ppc64le", }, product_reference: "git-email-2.12.3-27.22.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP4", }, { category: "default_component_of", full_product_name: { name: "git-email-2.12.3-27.22.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.s390x", }, product_reference: "git-email-2.12.3-27.22.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP4", }, { category: "default_component_of", full_product_name: { name: "git-email-2.12.3-27.22.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.x86_64", }, product_reference: "git-email-2.12.3-27.22.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP4", }, { category: "default_component_of", full_product_name: { name: "git-gui-2.12.3-27.22.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.aarch64", }, product_reference: "git-gui-2.12.3-27.22.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP4", }, { category: "default_component_of", full_product_name: { name: "git-gui-2.12.3-27.22.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.ppc64le", }, product_reference: "git-gui-2.12.3-27.22.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP4", }, { category: "default_component_of", full_product_name: { name: "git-gui-2.12.3-27.22.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.s390x", }, product_reference: "git-gui-2.12.3-27.22.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP4", }, { category: "default_component_of", full_product_name: { name: "git-gui-2.12.3-27.22.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.x86_64", }, product_reference: "git-gui-2.12.3-27.22.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP4", }, { category: "default_component_of", full_product_name: { name: "git-svn-2.12.3-27.22.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.aarch64", }, product_reference: "git-svn-2.12.3-27.22.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP4", }, { category: "default_component_of", full_product_name: { name: "git-svn-2.12.3-27.22.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.ppc64le", }, product_reference: "git-svn-2.12.3-27.22.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP4", }, { category: "default_component_of", full_product_name: { name: "git-svn-2.12.3-27.22.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.s390x", }, product_reference: "git-svn-2.12.3-27.22.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP4", }, { category: "default_component_of", full_product_name: { name: "git-svn-2.12.3-27.22.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.x86_64", }, product_reference: "git-svn-2.12.3-27.22.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP4", }, { category: "default_component_of", full_product_name: { name: "git-web-2.12.3-27.22.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.aarch64", }, product_reference: "git-web-2.12.3-27.22.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP4", }, { category: "default_component_of", full_product_name: { name: "git-web-2.12.3-27.22.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.ppc64le", }, product_reference: "git-web-2.12.3-27.22.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP4", }, { category: "default_component_of", full_product_name: { name: "git-web-2.12.3-27.22.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.s390x", }, product_reference: "git-web-2.12.3-27.22.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP4", }, { category: "default_component_of", full_product_name: { name: "git-web-2.12.3-27.22.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.x86_64", }, product_reference: "git-web-2.12.3-27.22.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP4", }, { category: "default_component_of", full_product_name: { name: "gitk-2.12.3-27.22.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.aarch64", }, product_reference: "gitk-2.12.3-27.22.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP4", }, { category: "default_component_of", full_product_name: { name: "gitk-2.12.3-27.22.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.ppc64le", }, product_reference: "gitk-2.12.3-27.22.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP4", }, { category: "default_component_of", full_product_name: { name: "gitk-2.12.3-27.22.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.s390x", }, product_reference: "gitk-2.12.3-27.22.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP4", }, { category: "default_component_of", full_product_name: { name: "gitk-2.12.3-27.22.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.x86_64", }, product_reference: "gitk-2.12.3-27.22.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP4", }, { category: "default_component_of", full_product_name: { name: "git-2.12.3-27.22.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.aarch64", }, product_reference: "git-2.12.3-27.22.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP5", }, { category: "default_component_of", full_product_name: { name: "git-2.12.3-27.22.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP5", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.ppc64le", }, product_reference: "git-2.12.3-27.22.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP5", }, { category: "default_component_of", full_product_name: { name: "git-2.12.3-27.22.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP5", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.s390x", }, product_reference: "git-2.12.3-27.22.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP5", }, { category: "default_component_of", full_product_name: { name: "git-2.12.3-27.22.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.x86_64", }, product_reference: "git-2.12.3-27.22.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP5", }, { category: "default_component_of", full_product_name: { name: "git-arch-2.12.3-27.22.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.aarch64", }, product_reference: "git-arch-2.12.3-27.22.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP5", }, { category: "default_component_of", full_product_name: { name: "git-arch-2.12.3-27.22.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP5", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.ppc64le", }, product_reference: "git-arch-2.12.3-27.22.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP5", }, { category: "default_component_of", full_product_name: { name: "git-arch-2.12.3-27.22.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP5", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.s390x", }, product_reference: "git-arch-2.12.3-27.22.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP5", }, { category: "default_component_of", full_product_name: { name: "git-arch-2.12.3-27.22.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.x86_64", }, product_reference: "git-arch-2.12.3-27.22.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP5", }, { category: "default_component_of", full_product_name: { name: "git-core-2.12.3-27.22.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.aarch64", }, product_reference: "git-core-2.12.3-27.22.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP5", }, { category: "default_component_of", full_product_name: { name: "git-core-2.12.3-27.22.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP5", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.ppc64le", }, product_reference: "git-core-2.12.3-27.22.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP5", }, { category: "default_component_of", full_product_name: { name: "git-core-2.12.3-27.22.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP5", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.s390x", }, product_reference: "git-core-2.12.3-27.22.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP5", }, { category: "default_component_of", full_product_name: { name: "git-core-2.12.3-27.22.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.x86_64", }, product_reference: "git-core-2.12.3-27.22.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP5", }, { category: "default_component_of", full_product_name: { name: "git-cvs-2.12.3-27.22.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.aarch64", }, product_reference: "git-cvs-2.12.3-27.22.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP5", }, { category: "default_component_of", full_product_name: { name: "git-cvs-2.12.3-27.22.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP5", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.ppc64le", }, product_reference: "git-cvs-2.12.3-27.22.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP5", }, { category: "default_component_of", full_product_name: { name: "git-cvs-2.12.3-27.22.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP5", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.s390x", }, product_reference: "git-cvs-2.12.3-27.22.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP5", }, { category: "default_component_of", full_product_name: { name: "git-cvs-2.12.3-27.22.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.x86_64", }, product_reference: "git-cvs-2.12.3-27.22.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP5", }, { category: "default_component_of", full_product_name: { name: "git-daemon-2.12.3-27.22.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.aarch64", }, product_reference: "git-daemon-2.12.3-27.22.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP5", }, { category: "default_component_of", full_product_name: { name: "git-daemon-2.12.3-27.22.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP5", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.ppc64le", }, product_reference: "git-daemon-2.12.3-27.22.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP5", }, { category: "default_component_of", full_product_name: { name: "git-daemon-2.12.3-27.22.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP5", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.s390x", }, product_reference: "git-daemon-2.12.3-27.22.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP5", }, { category: "default_component_of", full_product_name: { name: "git-daemon-2.12.3-27.22.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.x86_64", }, product_reference: "git-daemon-2.12.3-27.22.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP5", }, { category: "default_component_of", full_product_name: { name: "git-doc-2.12.3-27.22.1.noarch as component of SUSE Linux Enterprise Software Development Kit 12 SP5", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP5:git-doc-2.12.3-27.22.1.noarch", }, product_reference: "git-doc-2.12.3-27.22.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP5", }, { category: "default_component_of", full_product_name: { name: "git-email-2.12.3-27.22.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.aarch64", }, product_reference: "git-email-2.12.3-27.22.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP5", }, { category: "default_component_of", full_product_name: { name: "git-email-2.12.3-27.22.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP5", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.ppc64le", }, product_reference: "git-email-2.12.3-27.22.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP5", }, { category: "default_component_of", full_product_name: { name: "git-email-2.12.3-27.22.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP5", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.s390x", }, product_reference: "git-email-2.12.3-27.22.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP5", }, { category: "default_component_of", full_product_name: { name: "git-email-2.12.3-27.22.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.x86_64", }, product_reference: "git-email-2.12.3-27.22.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP5", }, { category: "default_component_of", full_product_name: { name: "git-gui-2.12.3-27.22.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.aarch64", }, product_reference: "git-gui-2.12.3-27.22.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP5", }, { category: "default_component_of", full_product_name: { name: "git-gui-2.12.3-27.22.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP5", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.ppc64le", }, product_reference: "git-gui-2.12.3-27.22.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP5", }, { category: "default_component_of", full_product_name: { name: "git-gui-2.12.3-27.22.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP5", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.s390x", }, product_reference: "git-gui-2.12.3-27.22.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP5", }, { category: "default_component_of", full_product_name: { name: "git-gui-2.12.3-27.22.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.x86_64", }, product_reference: "git-gui-2.12.3-27.22.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP5", }, { category: "default_component_of", full_product_name: { name: "git-svn-2.12.3-27.22.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.aarch64", }, product_reference: "git-svn-2.12.3-27.22.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP5", }, { category: "default_component_of", full_product_name: { name: "git-svn-2.12.3-27.22.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP5", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.ppc64le", }, product_reference: "git-svn-2.12.3-27.22.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP5", }, { category: "default_component_of", full_product_name: { name: "git-svn-2.12.3-27.22.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP5", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.s390x", }, product_reference: "git-svn-2.12.3-27.22.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP5", }, { category: "default_component_of", full_product_name: { name: "git-svn-2.12.3-27.22.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.x86_64", }, product_reference: "git-svn-2.12.3-27.22.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP5", }, { category: "default_component_of", full_product_name: { name: "git-web-2.12.3-27.22.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.aarch64", }, product_reference: "git-web-2.12.3-27.22.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP5", }, { category: "default_component_of", full_product_name: { name: "git-web-2.12.3-27.22.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP5", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.ppc64le", }, product_reference: "git-web-2.12.3-27.22.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP5", }, { category: "default_component_of", full_product_name: { name: "git-web-2.12.3-27.22.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP5", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.s390x", }, product_reference: "git-web-2.12.3-27.22.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP5", }, { category: "default_component_of", full_product_name: { name: "git-web-2.12.3-27.22.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.x86_64", }, product_reference: "git-web-2.12.3-27.22.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP5", }, { category: "default_component_of", full_product_name: { name: "gitk-2.12.3-27.22.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.aarch64", }, product_reference: "gitk-2.12.3-27.22.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP5", }, { category: "default_component_of", full_product_name: { name: "gitk-2.12.3-27.22.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP5", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.ppc64le", }, product_reference: "gitk-2.12.3-27.22.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP5", }, { category: "default_component_of", full_product_name: { name: "gitk-2.12.3-27.22.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP5", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.s390x", }, product_reference: "gitk-2.12.3-27.22.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP5", }, { category: "default_component_of", full_product_name: { name: "gitk-2.12.3-27.22.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.x86_64", }, product_reference: "gitk-2.12.3-27.22.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP5", }, { category: "default_component_of", full_product_name: { name: "git-core-2.12.3-27.22.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.ppc64le", }, product_reference: "git-core-2.12.3-27.22.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "git-core-2.12.3-27.22.1.s390x as component of SUSE Linux Enterprise Server 12 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.s390x", }, product_reference: "git-core-2.12.3-27.22.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "git-core-2.12.3-27.22.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.x86_64", }, product_reference: "git-core-2.12.3-27.22.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "git-doc-2.12.3-27.22.1.noarch as component of SUSE Linux Enterprise Server 12 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP1-LTSS:git-doc-2.12.3-27.22.1.noarch", }, product_reference: "git-doc-2.12.3-27.22.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "git-core-2.12.3-27.22.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.ppc64le", }, product_reference: "git-core-2.12.3-27.22.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "git-core-2.12.3-27.22.1.s390x as component of SUSE Linux Enterprise Server 12 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.s390x", }, product_reference: "git-core-2.12.3-27.22.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "git-core-2.12.3-27.22.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.x86_64", }, product_reference: "git-core-2.12.3-27.22.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "git-doc-2.12.3-27.22.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP2-LTSS:git-doc-2.12.3-27.22.1.noarch", }, product_reference: "git-doc-2.12.3-27.22.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "git-core-2.12.3-27.22.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL", product_id: "SUSE Linux Enterprise Server 12 SP2-BCL:git-core-2.12.3-27.22.1.x86_64", }, product_reference: "git-core-2.12.3-27.22.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2-BCL", }, { category: "default_component_of", full_product_name: { name: "git-doc-2.12.3-27.22.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-BCL", product_id: "SUSE Linux Enterprise Server 12 SP2-BCL:git-doc-2.12.3-27.22.1.noarch", }, product_reference: "git-doc-2.12.3-27.22.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2-BCL", }, { category: "default_component_of", full_product_name: { name: "git-core-2.12.3-27.22.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.aarch64", }, product_reference: "git-core-2.12.3-27.22.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "git-core-2.12.3-27.22.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.ppc64le", }, product_reference: "git-core-2.12.3-27.22.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "git-core-2.12.3-27.22.1.s390x as component of SUSE Linux Enterprise Server 12 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.s390x", }, product_reference: "git-core-2.12.3-27.22.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "git-core-2.12.3-27.22.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.x86_64", }, product_reference: "git-core-2.12.3-27.22.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "git-core-2.12.3-27.22.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL", product_id: "SUSE Linux Enterprise Server 12 SP3-BCL:git-core-2.12.3-27.22.1.x86_64", }, product_reference: "git-core-2.12.3-27.22.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3-BCL", }, { category: "default_component_of", full_product_name: { name: "git-core-2.12.3-27.22.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP4", product_id: "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.aarch64", }, product_reference: "git-core-2.12.3-27.22.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP4", }, { category: "default_component_of", full_product_name: { name: "git-core-2.12.3-27.22.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP4", product_id: "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.ppc64le", }, product_reference: "git-core-2.12.3-27.22.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP4", }, { category: "default_component_of", full_product_name: { name: "git-core-2.12.3-27.22.1.s390x as component of SUSE Linux Enterprise Server 12 SP4", product_id: "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.s390x", }, product_reference: "git-core-2.12.3-27.22.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP4", }, { category: "default_component_of", full_product_name: { name: "git-core-2.12.3-27.22.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4", product_id: "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.x86_64", }, product_reference: "git-core-2.12.3-27.22.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP4", }, { category: "default_component_of", full_product_name: { name: "git-core-2.12.3-27.22.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.aarch64", }, product_reference: "git-core-2.12.3-27.22.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", }, { category: "default_component_of", full_product_name: { name: "git-core-2.12.3-27.22.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.ppc64le", }, product_reference: "git-core-2.12.3-27.22.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", }, { category: "default_component_of", full_product_name: { name: "git-core-2.12.3-27.22.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.s390x", }, product_reference: "git-core-2.12.3-27.22.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", }, { category: "default_component_of", full_product_name: { name: "git-core-2.12.3-27.22.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.x86_64", }, product_reference: "git-core-2.12.3-27.22.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", }, { category: "default_component_of", full_product_name: { name: "git-core-2.12.3-27.22.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.aarch64", }, product_reference: "git-core-2.12.3-27.22.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "git-core-2.12.3-27.22.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.ppc64le", }, product_reference: "git-core-2.12.3-27.22.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "git-core-2.12.3-27.22.1.s390x as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.s390x", }, product_reference: "git-core-2.12.3-27.22.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "git-core-2.12.3-27.22.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.x86_64", }, product_reference: "git-core-2.12.3-27.22.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "git-core-2.12.3-27.22.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.aarch64", }, product_reference: "git-core-2.12.3-27.22.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, { category: "default_component_of", full_product_name: { name: "git-core-2.12.3-27.22.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.ppc64le", }, product_reference: "git-core-2.12.3-27.22.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, { category: "default_component_of", full_product_name: { name: "git-core-2.12.3-27.22.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.s390x", }, product_reference: "git-core-2.12.3-27.22.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, { category: "default_component_of", full_product_name: { name: "git-core-2.12.3-27.22.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.x86_64", }, product_reference: "git-core-2.12.3-27.22.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, { category: "default_component_of", full_product_name: { name: "git-core-2.12.3-27.22.1.x86_64 as component of SUSE Enterprise Storage 5", product_id: "SUSE Enterprise Storage 5:git-core-2.12.3-27.22.1.x86_64", }, product_reference: "git-core-2.12.3-27.22.1.x86_64", relates_to_product_reference: "SUSE Enterprise Storage 5", }, ], }, vulnerabilities: [ { cve: "CVE-2019-1348", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-1348", }, ], notes: [ { category: "general", text: "An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:git-2.12.3-27.22.1.x86_64", "SUSE Enterprise Storage 5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP3-BCL:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 7:git-core-2.12.3-27.22.1.s390x", "SUSE OpenStack Cloud 7:git-core-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 7:git-doc-2.12.3-27.22.1.noarch", "SUSE OpenStack Cloud 8:git-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 8:git-core-2.12.3-27.22.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-1348", url: "https://www.suse.com/security/cve/CVE-2019-1348", }, { category: "external", summary: "SUSE Bug 1158785 for CVE-2019-1348", url: "https://bugzilla.suse.com/1158785", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:git-2.12.3-27.22.1.x86_64", "SUSE Enterprise Storage 5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP3-BCL:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 7:git-core-2.12.3-27.22.1.s390x", "SUSE OpenStack Cloud 7:git-core-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 7:git-doc-2.12.3-27.22.1.noarch", "SUSE OpenStack Cloud 8:git-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 8:git-core-2.12.3-27.22.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "HPE Helion OpenStack 8:git-2.12.3-27.22.1.x86_64", "SUSE Enterprise Storage 5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP3-BCL:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 7:git-core-2.12.3-27.22.1.s390x", "SUSE OpenStack Cloud 7:git-core-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 7:git-doc-2.12.3-27.22.1.noarch", "SUSE OpenStack Cloud 8:git-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 8:git-core-2.12.3-27.22.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-12-16T13:55:39Z", details: "low", }, ], title: "CVE-2019-1348", }, { cve: "CVE-2019-1349", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-1349", }, ], notes: [ { category: "general", text: "A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1350, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:git-2.12.3-27.22.1.x86_64", "SUSE Enterprise Storage 5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP3-BCL:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 7:git-core-2.12.3-27.22.1.s390x", "SUSE OpenStack Cloud 7:git-core-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 7:git-doc-2.12.3-27.22.1.noarch", "SUSE OpenStack Cloud 8:git-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 8:git-core-2.12.3-27.22.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-1349", url: "https://www.suse.com/security/cve/CVE-2019-1349", }, { category: "external", summary: "SUSE Bug 1158785 for CVE-2019-1349", url: "https://bugzilla.suse.com/1158785", }, { category: "external", summary: "SUSE Bug 1158787 for CVE-2019-1349", url: "https://bugzilla.suse.com/1158787", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:git-2.12.3-27.22.1.x86_64", "SUSE Enterprise Storage 5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP3-BCL:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 7:git-core-2.12.3-27.22.1.s390x", "SUSE OpenStack Cloud 7:git-core-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 7:git-doc-2.12.3-27.22.1.noarch", "SUSE OpenStack Cloud 8:git-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 8:git-core-2.12.3-27.22.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "HPE Helion OpenStack 8:git-2.12.3-27.22.1.x86_64", "SUSE Enterprise Storage 5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP3-BCL:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 7:git-core-2.12.3-27.22.1.s390x", "SUSE OpenStack Cloud 7:git-core-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 7:git-doc-2.12.3-27.22.1.noarch", "SUSE OpenStack Cloud 8:git-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 8:git-core-2.12.3-27.22.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-12-16T13:55:39Z", details: "critical", }, ], title: "CVE-2019-1349", }, { cve: "CVE-2019-1350", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-1350", }, ], notes: [ { category: "general", text: "A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:git-2.12.3-27.22.1.x86_64", "SUSE Enterprise Storage 5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP3-BCL:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 7:git-core-2.12.3-27.22.1.s390x", "SUSE OpenStack Cloud 7:git-core-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 7:git-doc-2.12.3-27.22.1.noarch", "SUSE OpenStack Cloud 8:git-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 8:git-core-2.12.3-27.22.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-1350", url: "https://www.suse.com/security/cve/CVE-2019-1350", }, { category: "external", summary: "SUSE Bug 1158785 for CVE-2019-1350", url: "https://bugzilla.suse.com/1158785", }, { category: "external", summary: "SUSE Bug 1158788 for CVE-2019-1350", url: "https://bugzilla.suse.com/1158788", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:git-2.12.3-27.22.1.x86_64", "SUSE Enterprise Storage 5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP3-BCL:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 7:git-core-2.12.3-27.22.1.s390x", "SUSE OpenStack Cloud 7:git-core-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 7:git-doc-2.12.3-27.22.1.noarch", "SUSE OpenStack Cloud 8:git-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 8:git-core-2.12.3-27.22.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "HPE Helion OpenStack 8:git-2.12.3-27.22.1.x86_64", "SUSE Enterprise Storage 5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP3-BCL:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 7:git-core-2.12.3-27.22.1.s390x", "SUSE OpenStack Cloud 7:git-core-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 7:git-doc-2.12.3-27.22.1.noarch", "SUSE OpenStack Cloud 8:git-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 8:git-core-2.12.3-27.22.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-12-16T13:55:39Z", details: "critical", }, ], title: "CVE-2019-1350", }, { cve: "CVE-2019-1351", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-1351", }, ], notes: [ { category: "general", text: "A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths, aka 'Git for Visual Studio Tampering Vulnerability'.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:git-2.12.3-27.22.1.x86_64", "SUSE Enterprise Storage 5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP3-BCL:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 7:git-core-2.12.3-27.22.1.s390x", "SUSE OpenStack Cloud 7:git-core-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 7:git-doc-2.12.3-27.22.1.noarch", "SUSE OpenStack Cloud 8:git-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 8:git-core-2.12.3-27.22.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-1351", url: "https://www.suse.com/security/cve/CVE-2019-1351", }, { category: "external", summary: "SUSE Bug 1158785 for CVE-2019-1351", url: "https://bugzilla.suse.com/1158785", }, { category: "external", summary: "SUSE Bug 1158789 for CVE-2019-1351", url: "https://bugzilla.suse.com/1158789", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:git-2.12.3-27.22.1.x86_64", "SUSE Enterprise Storage 5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP3-BCL:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 7:git-core-2.12.3-27.22.1.s390x", "SUSE OpenStack Cloud 7:git-core-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 7:git-doc-2.12.3-27.22.1.noarch", "SUSE OpenStack Cloud 8:git-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 8:git-core-2.12.3-27.22.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "HPE Helion OpenStack 8:git-2.12.3-27.22.1.x86_64", "SUSE Enterprise Storage 5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP3-BCL:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 7:git-core-2.12.3-27.22.1.s390x", "SUSE OpenStack Cloud 7:git-core-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 7:git-doc-2.12.3-27.22.1.noarch", "SUSE OpenStack Cloud 8:git-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 8:git-core-2.12.3-27.22.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-12-16T13:55:39Z", details: "important", }, ], title: "CVE-2019-1351", }, { cve: "CVE-2019-1352", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-1352", }, ], notes: [ { category: "general", text: "A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1354, CVE-2019-1387.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:git-2.12.3-27.22.1.x86_64", "SUSE Enterprise Storage 5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP3-BCL:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 7:git-core-2.12.3-27.22.1.s390x", "SUSE OpenStack Cloud 7:git-core-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 7:git-doc-2.12.3-27.22.1.noarch", "SUSE OpenStack Cloud 8:git-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 8:git-core-2.12.3-27.22.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-1352", url: "https://www.suse.com/security/cve/CVE-2019-1352", }, { category: "external", summary: "SUSE Bug 1158785 for CVE-2019-1352", url: "https://bugzilla.suse.com/1158785", }, { category: "external", summary: "SUSE Bug 1158787 for CVE-2019-1352", url: "https://bugzilla.suse.com/1158787", }, { category: "external", summary: "SUSE Bug 1158790 for CVE-2019-1352", url: "https://bugzilla.suse.com/1158790", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:git-2.12.3-27.22.1.x86_64", "SUSE Enterprise Storage 5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP3-BCL:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 7:git-core-2.12.3-27.22.1.s390x", "SUSE OpenStack Cloud 7:git-core-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 7:git-doc-2.12.3-27.22.1.noarch", "SUSE OpenStack Cloud 8:git-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 8:git-core-2.12.3-27.22.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "HPE Helion OpenStack 8:git-2.12.3-27.22.1.x86_64", "SUSE Enterprise Storage 5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP3-BCL:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 7:git-core-2.12.3-27.22.1.s390x", "SUSE OpenStack Cloud 7:git-core-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 7:git-doc-2.12.3-27.22.1.noarch", "SUSE OpenStack Cloud 8:git-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 8:git-core-2.12.3-27.22.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-12-16T13:55:39Z", details: "critical", }, ], title: "CVE-2019-1352", }, { cve: "CVE-2019-1353", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-1353", }, ], notes: [ { category: "general", text: "An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as \"WSL\") while accessing a working directory on a regular Windows drive, none of the NTFS protections were active.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:git-2.12.3-27.22.1.x86_64", "SUSE Enterprise Storage 5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP3-BCL:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 7:git-core-2.12.3-27.22.1.s390x", "SUSE OpenStack Cloud 7:git-core-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 7:git-doc-2.12.3-27.22.1.noarch", "SUSE OpenStack Cloud 8:git-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 8:git-core-2.12.3-27.22.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-1353", url: "https://www.suse.com/security/cve/CVE-2019-1353", }, { category: "external", summary: "SUSE Bug 1158785 for CVE-2019-1353", url: "https://bugzilla.suse.com/1158785", }, { category: "external", summary: "SUSE Bug 1158791 for CVE-2019-1353", url: "https://bugzilla.suse.com/1158791", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:git-2.12.3-27.22.1.x86_64", "SUSE Enterprise Storage 5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP3-BCL:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 7:git-core-2.12.3-27.22.1.s390x", "SUSE OpenStack Cloud 7:git-core-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 7:git-doc-2.12.3-27.22.1.noarch", "SUSE OpenStack Cloud 8:git-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 8:git-core-2.12.3-27.22.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "HPE Helion OpenStack 8:git-2.12.3-27.22.1.x86_64", "SUSE Enterprise Storage 5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP3-BCL:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 7:git-core-2.12.3-27.22.1.s390x", "SUSE OpenStack Cloud 7:git-core-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 7:git-doc-2.12.3-27.22.1.noarch", "SUSE OpenStack Cloud 8:git-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 8:git-core-2.12.3-27.22.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-12-16T13:55:39Z", details: "critical", }, ], title: "CVE-2019-1353", }, { cve: "CVE-2019-1354", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-1354", }, ], notes: [ { category: "general", text: "A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1352, CVE-2019-1387.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:git-2.12.3-27.22.1.x86_64", "SUSE Enterprise Storage 5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP3-BCL:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 7:git-core-2.12.3-27.22.1.s390x", "SUSE OpenStack Cloud 7:git-core-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 7:git-doc-2.12.3-27.22.1.noarch", "SUSE OpenStack Cloud 8:git-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 8:git-core-2.12.3-27.22.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-1354", url: "https://www.suse.com/security/cve/CVE-2019-1354", }, { category: "external", summary: "SUSE Bug 1158785 for CVE-2019-1354", url: "https://bugzilla.suse.com/1158785", }, { category: "external", summary: "SUSE Bug 1158792 for CVE-2019-1354", url: "https://bugzilla.suse.com/1158792", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:git-2.12.3-27.22.1.x86_64", "SUSE Enterprise Storage 5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP3-BCL:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 7:git-core-2.12.3-27.22.1.s390x", "SUSE OpenStack Cloud 7:git-core-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 7:git-doc-2.12.3-27.22.1.noarch", "SUSE OpenStack Cloud 8:git-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 8:git-core-2.12.3-27.22.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 0, baseSeverity: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", version: "3.1", }, products: [ "HPE Helion OpenStack 8:git-2.12.3-27.22.1.x86_64", "SUSE Enterprise Storage 5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP3-BCL:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 7:git-core-2.12.3-27.22.1.s390x", "SUSE OpenStack Cloud 7:git-core-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 7:git-doc-2.12.3-27.22.1.noarch", "SUSE OpenStack Cloud 8:git-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 8:git-core-2.12.3-27.22.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-12-16T13:55:39Z", details: "low", }, ], title: "CVE-2019-1354", }, { cve: "CVE-2019-1387", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-1387", }, ], notes: [ { category: "general", text: "An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:git-2.12.3-27.22.1.x86_64", "SUSE Enterprise Storage 5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP3-BCL:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 7:git-core-2.12.3-27.22.1.s390x", "SUSE OpenStack Cloud 7:git-core-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 7:git-doc-2.12.3-27.22.1.noarch", "SUSE OpenStack Cloud 8:git-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 8:git-core-2.12.3-27.22.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-1387", url: "https://www.suse.com/security/cve/CVE-2019-1387", }, { category: "external", summary: "SUSE Bug 1158785 for CVE-2019-1387", url: "https://bugzilla.suse.com/1158785", }, { category: "external", summary: "SUSE Bug 1158793 for CVE-2019-1387", url: "https://bugzilla.suse.com/1158793", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:git-2.12.3-27.22.1.x86_64", "SUSE Enterprise Storage 5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP3-BCL:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 7:git-core-2.12.3-27.22.1.s390x", "SUSE OpenStack Cloud 7:git-core-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 7:git-doc-2.12.3-27.22.1.noarch", "SUSE OpenStack Cloud 8:git-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 8:git-core-2.12.3-27.22.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "HPE Helion OpenStack 8:git-2.12.3-27.22.1.x86_64", "SUSE Enterprise Storage 5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP3-BCL:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 7:git-core-2.12.3-27.22.1.s390x", "SUSE OpenStack Cloud 7:git-core-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 7:git-doc-2.12.3-27.22.1.noarch", "SUSE OpenStack Cloud 8:git-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 8:git-core-2.12.3-27.22.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-12-16T13:55:39Z", details: "important", }, ], title: "CVE-2019-1387", }, { cve: "CVE-2019-19604", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-19604", }, ], notes: [ { category: "general", text: "Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a \"git submodule update\" operation can run commands found in the .gitmodules file of a malicious repository.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:git-2.12.3-27.22.1.x86_64", "SUSE Enterprise Storage 5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP3-BCL:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 7:git-core-2.12.3-27.22.1.s390x", "SUSE OpenStack Cloud 7:git-core-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 7:git-doc-2.12.3-27.22.1.noarch", "SUSE OpenStack Cloud 8:git-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 8:git-core-2.12.3-27.22.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-19604", url: "https://www.suse.com/security/cve/CVE-2019-19604", }, { category: "external", summary: "SUSE Bug 1158785 for CVE-2019-19604", url: "https://bugzilla.suse.com/1158785", }, { category: "external", summary: "SUSE Bug 1158795 for CVE-2019-19604", url: "https://bugzilla.suse.com/1158795", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:git-2.12.3-27.22.1.x86_64", "SUSE Enterprise Storage 5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP3-BCL:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 7:git-core-2.12.3-27.22.1.s390x", "SUSE OpenStack Cloud 7:git-core-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 7:git-doc-2.12.3-27.22.1.noarch", "SUSE OpenStack Cloud 8:git-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 8:git-core-2.12.3-27.22.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "HPE Helion OpenStack 8:git-2.12.3-27.22.1.x86_64", "SUSE Enterprise Storage 5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP1-LTSS:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP2-BCL:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-LTSS:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server 12 SP3-BCL:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-arch-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-cvs-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-daemon-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-email-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-gui-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-svn-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:git-web-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP4:gitk-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-arch-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-core-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-cvs-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-daemon-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-doc-2.12.3-27.22.1.noarch", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-email-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-gui-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-svn-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:git-web-2.12.3-27.22.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:gitk-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 7:git-core-2.12.3-27.22.1.s390x", "SUSE OpenStack Cloud 7:git-core-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 7:git-doc-2.12.3-27.22.1.noarch", "SUSE OpenStack Cloud 8:git-2.12.3-27.22.1.x86_64", "SUSE OpenStack Cloud 8:git-core-2.12.3-27.22.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-12-16T13:55:39Z", details: "critical", }, ], title: "CVE-2019-19604", }, ], }
suse-su-2020:1121-1
Vulnerability from csaf_suse
Published
2020-04-28 05:15
Modified
2020-04-28 05:15
Summary
Security update for git
Notes
Title of the patch
Security update for git
Description of the patch
This update for git fixes the following issues:
Security issues fixed:
* CVE-2020-11008: Specially crafted URLs may have tricked the
credentials helper to providing credential information that
is not appropriate for the protocol in use and host being
contacted (bsc#1169936)
git was updated to 2.26.1 (bsc#1169786, jsc#ECO-1628, bsc#1149792)
- Fix git-daemon not starting after conversion from sysvinit to systemd service
(bsc#1169605).
* CVE-2020-5260: Specially crafted URLs with newline characters
could have been used to make the Git client to send credential
information for a wrong host to the attacker's site bsc#1168930
git 2.26.0 (bsc#1167890, jsc#SLE-11608):
* 'git rebase' now uses a different backend that is based on the
'merge' machinery by default. The 'rebase.backend' configuration
variable reverts to old behaviour when set to 'apply'
* Improved handling of sparse checkouts
* Improvements to many commands and internal features
git 2.25.2:
* bug fixes to various subcommands in specific operations
git 2.25.1:
* 'git commit' now honors advise.statusHints
* various updates, bug fixes and documentation updates
git 2.25.0
* The branch description ('git branch --edit-description') has been
used to fill the body of the cover letters by the format-patch
command; this has been enhanced so that the subject can also be
filled.
* A few commands learned to take the pathspec from the standard input
or a named file, instead of taking it as the command line
arguments, with the '--pathspec-from-file' option.
* Test updates to prepare for SHA-2 transition continues.
* Redo 'git name-rev' to avoid recursive calls.
* When all files from some subdirectory were renamed to the root
directory, the directory rename heuristics would fail to detect that
as a rename/merge of the subdirectory to the root directory, which has
been corrected.
* HTTP transport had possible allocator/deallocator mismatch, which
has been corrected.
git 2.24.1:
* CVE-2019-1348: The --export-marks option of fast-import is
exposed also via the in-stream command feature export-marks=...
and it allows overwriting arbitrary paths (bsc#1158785)
* CVE-2019-1349: on Windows, when submodules are cloned
recursively, under certain circumstances Git could be fooled
into using the same Git directory twice (bsc#1158787)
* CVE-2019-1350: Incorrect quoting of command-line arguments
allowed remote code execution during a recursive clone in
conjunction with SSH URLs (bsc#1158788)
* CVE-2019-1351: on Windows mistakes drive letters outside of
the US-English alphabet as relative paths (bsc#1158789)
* CVE-2019-1352: on Windows was unaware of NTFS Alternate Data
Streams (bsc#1158790)
* CVE-2019-1353: when run in the Windows Subsystem for Linux
while accessing a working directory on a regular Windows
drive, none of the NTFS protections were active (bsc#1158791)
* CVE-2019-1354: on Windows refuses to write tracked files with
filenames that contain backslashes (bsc#1158792)
* CVE-2019-1387: Recursive clones vulnerability that is caused
by too-lax validation of submodule names, allowing very
targeted attacks via remote code execution in recursive
clones (bsc#1158793)
* CVE-2019-19604: a recursive clone followed by a submodule
update could execute code contained within the repository
without the user explicitly having asked for that (bsc#1158795)
git 2.24.0
* The command line parser learned '--end-of-options' notation.
* A mechanism to affect the default setting for a (related) group of
configuration variables is introduced.
* 'git fetch' learned '--set-upstream' option to help those who first
clone from their private fork they intend to push to, add the true
upstream via 'git remote add' and then 'git fetch' from it.
* fixes and improvements to UI, workflow and features, bash completion fixes
git 2.23.0:
* The '--base' option of 'format-patch' computed the patch-ids for
prerequisite patches in an unstable way, which has been updated
to compute in a way that is compatible with 'git patch-id
--stable'.
* The 'git log' command by default behaves as if the --mailmap
option was given.
* fixes and improvements to UI, workflow and features
git 2.22.1
* A relative pathname given to 'git init --template=<path> <repo>'
ought to be relative to the directory 'git init' gets invoked in,
but it instead was made relative to the repository, which has been
corrected.
* 'git worktree add' used to fail when another worktree connected to
the same repository was corrupt, which has been corrected.
* 'git am -i --resolved' segfaulted after trying to see a commit as
if it were a tree, which has been corrected.
* 'git merge --squash' is designed to update the working tree and the
index without creating the commit, and this cannot be countermanded
by adding the '--commit' option; the command now refuses to work
when both options are given.
* Update to Unicode 12.1 width table.
* 'git request-pull' learned to warn when the ref we ask them to pull
from in the local repository and in the published repository are
different.
* 'git fetch' into a lazy clone forgot to fetch base objects that are
necessary to complete delta in a thin packfile, which has been
corrected.
* The URL decoding code has been updated to avoid going past the end
of the string while parsing %-<hex>-<hex> sequence.
* 'git clean' silently skipped a path when it cannot lstat() it; now
it gives a warning.
* 'git rm' to resolve a conflicted path leaked an internal message
'needs merge' before actually removing the path, which was
confusing. This has been corrected.
* Many more bugfixes and code cleanups.
- removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by
firewalld.
- partial fix for git instaweb giving 500 error (bsc#1112230)
git 2.22.0
* The filter specification '--filter=sparse:path=<path>' used to
create a lazy/partial clone has been removed. Using a blob that is
part of the project as sparse specification is still supported with
the '--filter=sparse:oid=<blob>' option
* 'git checkout --no-overlay' can be used to trigger a new mode of
checking out paths out of the tree-ish, that allows paths that
match the pathspec that are in the current index and working tree
and are not in the tree-ish.
* Four new configuration variables {author,committer}.{name,email}
have been introduced to override user.{name,email} in more specific
cases.
* 'git branch' learned a new subcommand '--show-current'.
* The command line completion (in contrib/) has been taught to
complete more subcommand parameters.
* The completion helper code now pays attention to repository-local
configuration (when available), which allows --list-cmds to honour
a repository specific setting of completion.commands, for example.
* The list of conflicted paths shown in the editor while concluding a
conflicted merge was shown above the scissors line when the
clean-up mode is set to 'scissors', even though it was commented
out just like the list of updated paths and other information to
help the user explain the merge better.
* 'git rebase' that was reimplemented in C did not set ORIG_HEAD
correctly, which has been corrected.
* 'git worktree add' used to do a 'find an available name with stat
and then mkdir', which is race-prone. This has been fixed by using
mkdir and reacting to EEXIST in a loop.
- Move to DocBook 5.x. Asciidoctor 2.x no longer supports the legacy
DocBook 4.5 format.
- update git-web AppArmor profile for bash and tar usrMerge (bsc#1132350)
git 2.21.0
* Historically, the '-m' (mainline) option can only be used for 'git
cherry-pick' and 'git revert' when working with a merge commit.
This version of Git no longer warns or errors out when working with
a single-parent commit, as long as the argument to the '-m' option
is 1 (i.e. it has only one parent, and the request is to pick or
revert relative to that first parent). Scripts that relied on the
behaviour may get broken with this change.
* Small fixes and features for fast-export and fast-import.
* The 'http.version' configuration variable can be used with recent
enough versions of cURL library to force the version of HTTP used
to talk when fetching and pushing.
* 'git push $there $src:$dst' rejects when $dst is not a fully
qualified refname and it is not clear what the end user meant.
* Update 'git multimail' from the upstream.
* A new date format '--date=human' that morphs its output depending
on how far the time is from the current time has been introduced.
'--date=auto:human' can be used to use this new format (or any
existing format) when the output is going to the pager or to the
terminal, and otherwise the default format.
- Fix worktree creation race (bsc#1114225).
- add shadow build dependency to the -daemon subpackage.
git 2.20.1:
* portability fixes
* 'git help -a' did not work well when an overly long alias was
defined
* no longer squelched an error message when the run_command API
failed to run a missing command
git 2.20.0
* 'git help -a' now gives verbose output (same as 'git help -av').
Those who want the old output may say 'git help --no-verbose -a'..
* 'git send-email' learned to grab address-looking string on any
trailer whose name ends with '-by'.
* 'git format-patch' learned new '--interdiff' and '--range-diff'
options to explain the difference between this version and the
previous attempt in the cover letter (or after the three-dashes as
a comment).
* Developer builds now use -Wunused-function compilation option.
* Fix a bug in which the same path could be registered under multiple
worktree entries if the path was missing (for instance, was removed
manually). Also, as a convenience, expand the number of cases in
which --force is applicable.
* The overly large Documentation/config.txt file have been split into
million little pieces. This potentially allows each individual piece
to be included into the manual page of the command it affects more easily.
* Malformed or crafted data in packstream can make our code attempt
to read or write past the allocated buffer and abort, instead of
reporting an error, which has been fixed.
* Fix for a long-standing bug that leaves the index file corrupt when
it shrinks during a partial commit.
* 'git merge' and 'git pull' that merges into an unborn branch used
to completely ignore '--verify-signatures', which has been
corrected.
* ...and much more features and fixes
git 2.19.2:
* various bug fixes for multiple subcommands and operations
git 2.19.1:
* CVE-2018-17456: Specially crafted .gitmodules files may have
allowed arbitrary code execution when the repository is cloned
with --recurse-submodules (bsc#1110949)
git 2.19.0:
* 'git diff' compares the index and the working tree. For paths
added with intent-to-add bit, the command shows the full contents
of them as added, but the paths themselves were not marked as new
files. They are now shown as new by default.
* 'git apply' learned the '--intent-to-add' option so that an
otherwise working-tree-only application of a patch will add new
paths to the index marked with the 'intent-to-add' bit.
* 'git grep' learned the '--column' option that gives not just the
line number but the column number of the hit.
* The '-l' option in 'git branch -l' is an unfortunate short-hand for
'--create-reflog', but many users, both old and new, somehow expect
it to be something else, perhaps '--list'. This step warns when '-l'
is used as a short-hand for '--create-reflog' and warns about the
future repurposing of the it when it is used.
* The userdiff pattern for .php has been updated.
* The content-transfer-encoding of the message 'git send-email' sends
out by default was 8bit, which can cause trouble when there is an
overlong line to bust RFC 5322/2822 limit. A new option 'auto' to
automatically switch to quoted-printable when there is such a line
in the payload has been introduced and is made the default.
* 'git checkout' and 'git worktree add' learned to honor
checkout.defaultRemote when auto-vivifying a local branch out of a
remote tracking branch in a repository with multiple remotes that
have tracking branches that share the same names.
(merge 8d7b558bae ab/checkout-default-remote later to maint).
* 'git grep' learned the '--only-matching' option.
* 'git rebase --rebase-merges' mode now handles octopus merges as
well.
* Add a server-side knob to skip commits in exponential/fibbonacci
stride in an attempt to cover wider swath of history with a smaller
number of iterations, potentially accepting a larger packfile
transfer, instead of going back one commit a time during common
ancestor discovery during the 'git fetch' transaction.
(merge 42cc7485a2 jt/fetch-negotiator-skipping later to maint).
* A new configuration variable core.usereplacerefs has been added,
primarily to help server installations that want to ignore the
replace mechanism altogether.
* Teach 'git tag -s' etc. a few configuration variables (gpg.format
that can be set to 'openpgp' or 'x509', and gpg.<format>.program
that is used to specify what program to use to deal with the format)
to allow x.509 certs with CMS via 'gpgsm' to be used instead of
openpgp via 'gnupg'.
* Many more strings are prepared for l10n.
* 'git p4 submit' learns to ask its own pre-submit hook if it should
continue with submitting.
* The test performed at the receiving end of 'git push' to prevent
bad objects from entering repository can be customized via
receive.fsck.* configuration variables; we now have gained a
counterpart to do the same on the 'git fetch' side, with
fetch.fsck.* configuration variables.
* 'git pull --rebase=interactive' learned 'i' as a short-hand for
'interactive'.
* 'git instaweb' has been adjusted to run better with newer Apache on
RedHat based distros.
* 'git range-diff' is a reimplementation of 'git tbdiff' that lets us
compare individual patches in two iterations of a topic.
* The sideband code learned to optionally paint selected keywords at
the beginning of incoming lines on the receiving end.
* 'git branch --list' learned to take the default sort order from the
'branch.sort' configuration variable, just like 'git tag --list'
pays attention to 'tag.sort'.
* 'git worktree' command learned '--quiet' option to make it less
verbose.
git 2.18.0:
* improvements to rename detection logic
* When built with more recent cURL, GIT_SSL_VERSION can now
specify 'tlsv1.3' as its value.
* 'git mergetools' learned talking to guiffy.
* various other workflow improvements and fixes
* performance improvements and other developer visible fixes
git 2.17.1
* Submodule 'names' come from the untrusted .gitmodules file, but
we blindly append them to $GIT_DIR/modules to create our on-disk
repo paths. This means you can do bad things by putting '../'
into the name. We now enforce some rules for submodule names
which will cause Git to ignore these malicious names
(CVE-2018-11235, bsc#1095219)
* It was possible to trick the code that sanity-checks paths on
NTFS into reading random piece of memory
(CVE-2018-11233, bsc#1095218)
* Support on the server side to reject pushes to repositories
that attempt to create such problematic .gitmodules file etc.
as tracked contents, to help hosting sites protect their
customers by preventing malicious contents from spreading.
git 2.17.0:
* 'diff' family of commands learned '--find-object=<object-id>' option
to limit the findings to changes that involve the named object.
* 'git format-patch' learned to give 72-cols to diffstat, which is
consistent with other line length limits the subcommand uses for
its output meant for e-mails.
* The log from 'git daemon' can be redirected with a new option; one
relevant use case is to send the log to standard error (instead of
syslog) when running it from inetd.
* 'git rebase' learned to take '--allow-empty-message' option.
* 'git am' has learned the '--quit' option, in addition to the
existing '--abort' option; having the pair mirrors a few other
commands like 'rebase' and 'cherry-pick'.
* 'git worktree add' learned to run the post-checkout hook, just like
'git clone' runs it upon the initial checkout.
* 'git tag' learned an explicit '--edit' option that allows the
message given via '-m' and '-F' to be further edited.
* 'git fetch --prune-tags' may be used as a handy short-hand for
getting rid of stale tags that are locally held.
* The new '--show-current-patch' option gives an end-user facing way
to get the diff being applied when 'git rebase' (and 'git am')
stops with a conflict.
* 'git add -p' used to offer '/' (look for a matching hunk) as a
choice, even there was only one hunk, which has been corrected.
Also the single-key help is now given only for keys that are
enabled (e.g. help for '/' won't be shown when there is only one
hunk).
* Since Git 1.7.9, 'git merge' defaulted to --no-ff (i.e. even when
the side branch being merged is a descendant of the current commit,
create a merge commit instead of fast-forwarding) when merging a
tag object. This was appropriate default for integrators who pull
signed tags from their downstream contributors, but caused an
unnecessary merges when used by downstream contributors who
habitually 'catch up' their topic branches with tagged releases
from the upstream. Update 'git merge' to default to --no-ff only
when merging a tag object that does *not* sit at its usual place in
refs/tags/ hierarchy, and allow fast-forwarding otherwise, to
mitigate the problem.
* 'git status' can spend a lot of cycles to compute the relation
between the current branch and its upstream, which can now be
disabled with '--no-ahead-behind' option.
* 'git diff' and friends learned funcname patterns for Go language
source files.
* 'git send-email' learned '--reply-to=<address>' option.
* Funcname pattern used for C# now recognizes 'async' keyword.
* In a way similar to how 'git tag' learned to honor the pager
setting only in the list mode, 'git config' learned to ignore the
pager setting when it is used for setting values (i.e. when the
purpose of the operation is not to 'show').
Patchnames
SUSE-2020-1121,SUSE-SLE-Module-Basesystem-15-SP1-2020-1121,SUSE-SLE-Module-Development-Tools-15-SP1-2020-1121,SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-1121
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for git", title: "Title of the patch", }, { category: "description", text: "This update for git fixes the following issues:\n\nSecurity issues fixed:\n\n* CVE-2020-11008: Specially crafted URLs may have tricked the\n credentials helper to providing credential information that\n is not appropriate for the protocol in use and host being\n contacted (bsc#1169936)\n\ngit was updated to 2.26.1 (bsc#1169786, jsc#ECO-1628, bsc#1149792)\n\n- Fix git-daemon not starting after conversion from sysvinit to systemd service\n (bsc#1169605).\n\n* CVE-2020-5260: Specially crafted URLs with newline characters\n could have been used to make the Git client to send credential\n information for a wrong host to the attacker's site bsc#1168930\n\ngit 2.26.0 (bsc#1167890, jsc#SLE-11608):\n\n* 'git rebase' now uses a different backend that is based on the\n 'merge' machinery by default. The 'rebase.backend' configuration\n variable reverts to old behaviour when set to 'apply'\n* Improved handling of sparse checkouts\n* Improvements to many commands and internal features\n\ngit 2.25.2:\n\n* bug fixes to various subcommands in specific operations\n\ngit 2.25.1:\n\n* 'git commit' now honors advise.statusHints\n* various updates, bug fixes and documentation updates\n\ngit 2.25.0\n\n* The branch description ('git branch --edit-description') has been\n used to fill the body of the cover letters by the format-patch\n command; this has been enhanced so that the subject can also be\n filled.\n* A few commands learned to take the pathspec from the standard input\n or a named file, instead of taking it as the command line\n arguments, with the '--pathspec-from-file' option.\n* Test updates to prepare for SHA-2 transition continues.\n* Redo 'git name-rev' to avoid recursive calls.\n* When all files from some subdirectory were renamed to the root\n directory, the directory rename heuristics would fail to detect that\n as a rename/merge of the subdirectory to the root directory, which has\n been corrected.\n* HTTP transport had possible allocator/deallocator mismatch, which\n has been corrected.\n\ngit 2.24.1:\n\n* CVE-2019-1348: The --export-marks option of fast-import is\n exposed also via the in-stream command feature export-marks=...\n and it allows overwriting arbitrary paths (bsc#1158785)\n* CVE-2019-1349: on Windows, when submodules are cloned\n recursively, under certain circumstances Git could be fooled\n into using the same Git directory twice (bsc#1158787)\n* CVE-2019-1350: Incorrect quoting of command-line arguments\n allowed remote code execution during a recursive clone in\n conjunction with SSH URLs (bsc#1158788)\n* CVE-2019-1351: on Windows mistakes drive letters outside of\n the US-English alphabet as relative paths (bsc#1158789)\n* CVE-2019-1352: on Windows was unaware of NTFS Alternate Data\n Streams (bsc#1158790)\n* CVE-2019-1353: when run in the Windows Subsystem for Linux\n while accessing a working directory on a regular Windows\n drive, none of the NTFS protections were active (bsc#1158791)\n* CVE-2019-1354: on Windows refuses to write tracked files with\n filenames that contain backslashes (bsc#1158792)\n* CVE-2019-1387: Recursive clones vulnerability that is caused\n by too-lax validation of submodule names, allowing very\n targeted attacks via remote code execution in recursive\n clones (bsc#1158793)\n* CVE-2019-19604: a recursive clone followed by a submodule\n update could execute code contained within the repository\n without the user explicitly having asked for that (bsc#1158795)\n\ngit 2.24.0\n\n* The command line parser learned '--end-of-options' notation.\n* A mechanism to affect the default setting for a (related) group of\n configuration variables is introduced.\n* 'git fetch' learned '--set-upstream' option to help those who first\n clone from their private fork they intend to push to, add the true\n upstream via 'git remote add' and then 'git fetch' from it.\n* fixes and improvements to UI, workflow and features, bash completion fixes\n\ngit 2.23.0:\n\n* The '--base' option of 'format-patch' computed the patch-ids for\n prerequisite patches in an unstable way, which has been updated\n to compute in a way that is compatible with 'git patch-id\n --stable'.\n* The 'git log' command by default behaves as if the --mailmap\n option was given.\n* fixes and improvements to UI, workflow and features\n\ngit 2.22.1\n\n* A relative pathname given to 'git init --template=<path> <repo>'\n ought to be relative to the directory 'git init' gets invoked in,\n but it instead was made relative to the repository, which has been\n corrected.\n* 'git worktree add' used to fail when another worktree connected to\n the same repository was corrupt, which has been corrected.\n* 'git am -i --resolved' segfaulted after trying to see a commit as\n if it were a tree, which has been corrected.\n* 'git merge --squash' is designed to update the working tree and the\n index without creating the commit, and this cannot be countermanded\n by adding the '--commit' option; the command now refuses to work\n when both options are given.\n* Update to Unicode 12.1 width table.\n* 'git request-pull' learned to warn when the ref we ask them to pull\n from in the local repository and in the published repository are\n different.\n* 'git fetch' into a lazy clone forgot to fetch base objects that are\n necessary to complete delta in a thin packfile, which has been\n corrected.\n* The URL decoding code has been updated to avoid going past the end\n of the string while parsing %-<hex>-<hex> sequence.\n* 'git clean' silently skipped a path when it cannot lstat() it; now\n it gives a warning.\n* 'git rm' to resolve a conflicted path leaked an internal message\n 'needs merge' before actually removing the path, which was\n confusing. This has been corrected.\n* Many more bugfixes and code cleanups.\n\n- removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by\n firewalld.\n\n- partial fix for git instaweb giving 500 error (bsc#1112230)\n\ngit 2.22.0 \n\n* The filter specification '--filter=sparse:path=<path>' used to\n create a lazy/partial clone has been removed. Using a blob that is\n part of the project as sparse specification is still supported with\n the '--filter=sparse:oid=<blob>' option\n* 'git checkout --no-overlay' can be used to trigger a new mode of\n checking out paths out of the tree-ish, that allows paths that\n match the pathspec that are in the current index and working tree\n and are not in the tree-ish.\n* Four new configuration variables {author,committer}.{name,email}\n have been introduced to override user.{name,email} in more specific\n cases.\n* 'git branch' learned a new subcommand '--show-current'.\n* The command line completion (in contrib/) has been taught to\n complete more subcommand parameters.\n* The completion helper code now pays attention to repository-local\n configuration (when available), which allows --list-cmds to honour\n a repository specific setting of completion.commands, for example.\n* The list of conflicted paths shown in the editor while concluding a\n conflicted merge was shown above the scissors line when the\n clean-up mode is set to 'scissors', even though it was commented\n out just like the list of updated paths and other information to\n help the user explain the merge better.\n* 'git rebase' that was reimplemented in C did not set ORIG_HEAD\n correctly, which has been corrected.\n* 'git worktree add' used to do a 'find an available name with stat\n and then mkdir', which is race-prone. This has been fixed by using\n mkdir and reacting to EEXIST in a loop. \n\n- Move to DocBook 5.x. Asciidoctor 2.x no longer supports the legacy\n DocBook 4.5 format.\n\n- update git-web AppArmor profile for bash and tar usrMerge (bsc#1132350)\n\ngit 2.21.0\n\n* Historically, the '-m' (mainline) option can only be used for 'git\n cherry-pick' and 'git revert' when working with a merge commit.\n This version of Git no longer warns or errors out when working with\n a single-parent commit, as long as the argument to the '-m' option\n is 1 (i.e. it has only one parent, and the request is to pick or\n revert relative to that first parent). Scripts that relied on the\n behaviour may get broken with this change.\n* Small fixes and features for fast-export and fast-import.\n* The 'http.version' configuration variable can be used with recent\n enough versions of cURL library to force the version of HTTP used\n to talk when fetching and pushing.\n* 'git push $there $src:$dst' rejects when $dst is not a fully\n qualified refname and it is not clear what the end user meant.\n* Update 'git multimail' from the upstream.\n* A new date format '--date=human' that morphs its output depending\n on how far the time is from the current time has been introduced.\n '--date=auto:human' can be used to use this new format (or any\n existing format) when the output is going to the pager or to the\n terminal, and otherwise the default format.\n\n- Fix worktree creation race (bsc#1114225).\n- add shadow build dependency to the -daemon subpackage.\n\n\ngit 2.20.1:\n\n* portability fixes\n* 'git help -a' did not work well when an overly long alias was\n defined\n* no longer squelched an error message when the run_command API\n failed to run a missing command\n\ngit 2.20.0\n\n* 'git help -a' now gives verbose output (same as 'git help -av').\n Those who want the old output may say 'git help --no-verbose -a'..\n* 'git send-email' learned to grab address-looking string on any\n trailer whose name ends with '-by'.\n* 'git format-patch' learned new '--interdiff' and '--range-diff'\n options to explain the difference between this version and the\n previous attempt in the cover letter (or after the three-dashes as\n a comment).\n* Developer builds now use -Wunused-function compilation option.\n* Fix a bug in which the same path could be registered under multiple\n worktree entries if the path was missing (for instance, was removed\n manually). Also, as a convenience, expand the number of cases in\n which --force is applicable.\n* The overly large Documentation/config.txt file have been split into\n million little pieces. This potentially allows each individual piece\n to be included into the manual page of the command it affects more easily.\n* Malformed or crafted data in packstream can make our code attempt\n to read or write past the allocated buffer and abort, instead of\n reporting an error, which has been fixed.\n* Fix for a long-standing bug that leaves the index file corrupt when\n it shrinks during a partial commit.\n* 'git merge' and 'git pull' that merges into an unborn branch used\n to completely ignore '--verify-signatures', which has been\n corrected.\n* ...and much more features and fixes\n\ngit 2.19.2:\n\n* various bug fixes for multiple subcommands and operations\n\ngit 2.19.1:\n\n* CVE-2018-17456: Specially crafted .gitmodules files may have\n allowed arbitrary code execution when the repository is cloned\n with --recurse-submodules (bsc#1110949)\n\ngit 2.19.0:\n\n* 'git diff' compares the index and the working tree. For paths\n added with intent-to-add bit, the command shows the full contents\n of them as added, but the paths themselves were not marked as new\n files. They are now shown as new by default.\n* 'git apply' learned the '--intent-to-add' option so that an\n otherwise working-tree-only application of a patch will add new\n paths to the index marked with the 'intent-to-add' bit.\n* 'git grep' learned the '--column' option that gives not just the\n line number but the column number of the hit.\n* The '-l' option in 'git branch -l' is an unfortunate short-hand for\n '--create-reflog', but many users, both old and new, somehow expect\n it to be something else, perhaps '--list'. This step warns when '-l'\n is used as a short-hand for '--create-reflog' and warns about the\n future repurposing of the it when it is used.\n* The userdiff pattern for .php has been updated.\n* The content-transfer-encoding of the message 'git send-email' sends\n out by default was 8bit, which can cause trouble when there is an\n overlong line to bust RFC 5322/2822 limit. A new option 'auto' to\n automatically switch to quoted-printable when there is such a line\n in the payload has been introduced and is made the default.\n* 'git checkout' and 'git worktree add' learned to honor\n checkout.defaultRemote when auto-vivifying a local branch out of a\n remote tracking branch in a repository with multiple remotes that\n have tracking branches that share the same names.\n (merge 8d7b558bae ab/checkout-default-remote later to maint).\n* 'git grep' learned the '--only-matching' option.\n* 'git rebase --rebase-merges' mode now handles octopus merges as\n well.\n* Add a server-side knob to skip commits in exponential/fibbonacci\n stride in an attempt to cover wider swath of history with a smaller\n number of iterations, potentially accepting a larger packfile\n transfer, instead of going back one commit a time during common\n ancestor discovery during the 'git fetch' transaction.\n (merge 42cc7485a2 jt/fetch-negotiator-skipping later to maint).\n* A new configuration variable core.usereplacerefs has been added,\n primarily to help server installations that want to ignore the\n replace mechanism altogether.\n* Teach 'git tag -s' etc. a few configuration variables (gpg.format\n that can be set to 'openpgp' or 'x509', and gpg.<format>.program\n that is used to specify what program to use to deal with the format)\n to allow x.509 certs with CMS via 'gpgsm' to be used instead of\n openpgp via 'gnupg'.\n* Many more strings are prepared for l10n.\n* 'git p4 submit' learns to ask its own pre-submit hook if it should\n continue with submitting.\n* The test performed at the receiving end of 'git push' to prevent\n bad objects from entering repository can be customized via\n receive.fsck.* configuration variables; we now have gained a\n counterpart to do the same on the 'git fetch' side, with\n fetch.fsck.* configuration variables.\n* 'git pull --rebase=interactive' learned 'i' as a short-hand for\n 'interactive'.\n* 'git instaweb' has been adjusted to run better with newer Apache on\n RedHat based distros.\n* 'git range-diff' is a reimplementation of 'git tbdiff' that lets us\n compare individual patches in two iterations of a topic.\n* The sideband code learned to optionally paint selected keywords at\n the beginning of incoming lines on the receiving end.\n* 'git branch --list' learned to take the default sort order from the\n 'branch.sort' configuration variable, just like 'git tag --list'\n pays attention to 'tag.sort'.\n* 'git worktree' command learned '--quiet' option to make it less\n verbose.\n\ngit 2.18.0:\n\n* improvements to rename detection logic\n* When built with more recent cURL, GIT_SSL_VERSION can now\n specify 'tlsv1.3' as its value.\n* 'git mergetools' learned talking to guiffy.\n* various other workflow improvements and fixes\n* performance improvements and other developer visible fixes\n\ngit 2.17.1\n\n* Submodule 'names' come from the untrusted .gitmodules file, but\n we blindly append them to $GIT_DIR/modules to create our on-disk\n repo paths. This means you can do bad things by putting '../'\n into the name. We now enforce some rules for submodule names\n which will cause Git to ignore these malicious names\n (CVE-2018-11235, bsc#1095219)\n* It was possible to trick the code that sanity-checks paths on\n NTFS into reading random piece of memory\n (CVE-2018-11233, bsc#1095218)\n* Support on the server side to reject pushes to repositories\n that attempt to create such problematic .gitmodules file etc.\n as tracked contents, to help hosting sites protect their\n customers by preventing malicious contents from spreading.\n\ngit 2.17.0:\n\n* 'diff' family of commands learned '--find-object=<object-id>' option\n to limit the findings to changes that involve the named object.\n* 'git format-patch' learned to give 72-cols to diffstat, which is\n consistent with other line length limits the subcommand uses for\n its output meant for e-mails.\n* The log from 'git daemon' can be redirected with a new option; one\n relevant use case is to send the log to standard error (instead of\n syslog) when running it from inetd.\n* 'git rebase' learned to take '--allow-empty-message' option.\n* 'git am' has learned the '--quit' option, in addition to the\n existing '--abort' option; having the pair mirrors a few other\n commands like 'rebase' and 'cherry-pick'.\n* 'git worktree add' learned to run the post-checkout hook, just like\n 'git clone' runs it upon the initial checkout.\n* 'git tag' learned an explicit '--edit' option that allows the\n message given via '-m' and '-F' to be further edited.\n* 'git fetch --prune-tags' may be used as a handy short-hand for\n getting rid of stale tags that are locally held.\n* The new '--show-current-patch' option gives an end-user facing way\n to get the diff being applied when 'git rebase' (and 'git am')\n stops with a conflict.\n* 'git add -p' used to offer '/' (look for a matching hunk) as a\n choice, even there was only one hunk, which has been corrected.\n Also the single-key help is now given only for keys that are\n enabled (e.g. help for '/' won't be shown when there is only one\n hunk).\n* Since Git 1.7.9, 'git merge' defaulted to --no-ff (i.e. even when\n the side branch being merged is a descendant of the current commit,\n create a merge commit instead of fast-forwarding) when merging a\n tag object. This was appropriate default for integrators who pull\n signed tags from their downstream contributors, but caused an\n unnecessary merges when used by downstream contributors who\n habitually 'catch up' their topic branches with tagged releases\n from the upstream. Update 'git merge' to default to --no-ff only\n when merging a tag object that does *not* sit at its usual place in\n refs/tags/ hierarchy, and allow fast-forwarding otherwise, to\n mitigate the problem.\n* 'git status' can spend a lot of cycles to compute the relation\n between the current branch and its upstream, which can now be\n disabled with '--no-ahead-behind' option.\n* 'git diff' and friends learned funcname patterns for Go language\n source files.\n* 'git send-email' learned '--reply-to=<address>' option.\n* Funcname pattern used for C# now recognizes 'async' keyword.\n* In a way similar to how 'git tag' learned to honor the pager\n setting only in the list mode, 'git config' learned to ignore the\n pager setting when it is used for setting values (i.e. when the\n purpose of the operation is not to 'show').\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2020-1121,SUSE-SLE-Module-Basesystem-15-SP1-2020-1121,SUSE-SLE-Module-Development-Tools-15-SP1-2020-1121,SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-1121", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_1121-1.json", }, { category: "self", summary: "URL for SUSE-SU-2020:1121-1", url: "https://www.suse.com/support/update/announcement/2020/suse-su-20201121-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2020:1121-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2020-April/006748.html", }, { category: "self", summary: "SUSE Bug 1063412", url: "https://bugzilla.suse.com/1063412", }, { category: "self", summary: "SUSE Bug 1095218", url: "https://bugzilla.suse.com/1095218", }, { category: "self", summary: "SUSE Bug 1095219", url: "https://bugzilla.suse.com/1095219", }, { category: "self", summary: "SUSE Bug 1110949", url: "https://bugzilla.suse.com/1110949", }, { category: "self", summary: "SUSE Bug 1112230", url: "https://bugzilla.suse.com/1112230", }, { category: "self", summary: "SUSE Bug 1114225", url: "https://bugzilla.suse.com/1114225", }, { category: "self", summary: "SUSE Bug 1132350", url: "https://bugzilla.suse.com/1132350", }, { category: "self", summary: "SUSE Bug 1149792", url: "https://bugzilla.suse.com/1149792", }, { category: "self", summary: "SUSE Bug 1156651", url: "https://bugzilla.suse.com/1156651", }, { category: "self", summary: "SUSE Bug 1158785", url: "https://bugzilla.suse.com/1158785", }, { category: "self", summary: "SUSE Bug 1158787", url: "https://bugzilla.suse.com/1158787", }, { category: "self", summary: "SUSE Bug 1158788", url: "https://bugzilla.suse.com/1158788", }, { category: "self", summary: "SUSE Bug 1158789", url: "https://bugzilla.suse.com/1158789", }, { category: "self", summary: "SUSE Bug 1158790", url: "https://bugzilla.suse.com/1158790", }, { category: "self", summary: "SUSE Bug 1158791", url: "https://bugzilla.suse.com/1158791", }, { category: "self", summary: "SUSE Bug 1158792", url: "https://bugzilla.suse.com/1158792", }, { category: "self", summary: "SUSE Bug 1158793", url: "https://bugzilla.suse.com/1158793", }, { category: "self", summary: "SUSE Bug 1158795", url: "https://bugzilla.suse.com/1158795", }, { category: "self", summary: "SUSE Bug 1167890", url: "https://bugzilla.suse.com/1167890", }, { category: "self", summary: "SUSE Bug 1168930", url: "https://bugzilla.suse.com/1168930", }, { category: "self", summary: "SUSE Bug 1169605", url: "https://bugzilla.suse.com/1169605", }, { category: "self", summary: "SUSE Bug 1169786", url: "https://bugzilla.suse.com/1169786", }, { category: "self", summary: "SUSE Bug 1169936", url: "https://bugzilla.suse.com/1169936", }, { category: "self", summary: "SUSE CVE CVE-2017-15298 page", url: "https://www.suse.com/security/cve/CVE-2017-15298/", }, { category: "self", summary: "SUSE CVE CVE-2018-11233 page", url: "https://www.suse.com/security/cve/CVE-2018-11233/", }, { category: "self", summary: "SUSE CVE CVE-2018-11235 page", url: "https://www.suse.com/security/cve/CVE-2018-11235/", }, { category: "self", summary: "SUSE CVE CVE-2018-17456 page", url: "https://www.suse.com/security/cve/CVE-2018-17456/", }, { category: "self", summary: "SUSE CVE CVE-2019-1348 page", url: "https://www.suse.com/security/cve/CVE-2019-1348/", }, { category: "self", summary: "SUSE CVE CVE-2019-1349 page", url: "https://www.suse.com/security/cve/CVE-2019-1349/", }, { category: "self", summary: "SUSE CVE CVE-2019-1350 page", url: "https://www.suse.com/security/cve/CVE-2019-1350/", }, { category: "self", summary: "SUSE CVE CVE-2019-1351 page", url: "https://www.suse.com/security/cve/CVE-2019-1351/", }, { category: "self", summary: "SUSE CVE CVE-2019-1352 page", url: "https://www.suse.com/security/cve/CVE-2019-1352/", }, { category: "self", summary: "SUSE CVE CVE-2019-1353 page", url: "https://www.suse.com/security/cve/CVE-2019-1353/", }, { category: "self", summary: "SUSE CVE CVE-2019-1354 page", url: "https://www.suse.com/security/cve/CVE-2019-1354/", }, { category: "self", summary: "SUSE CVE CVE-2019-1387 page", url: "https://www.suse.com/security/cve/CVE-2019-1387/", }, { category: "self", summary: "SUSE CVE CVE-2019-19604 page", url: "https://www.suse.com/security/cve/CVE-2019-19604/", }, { category: "self", summary: "SUSE CVE CVE-2020-11008 page", url: "https://www.suse.com/security/cve/CVE-2020-11008/", }, { category: "self", summary: "SUSE CVE CVE-2020-5260 page", url: "https://www.suse.com/security/cve/CVE-2020-5260/", }, ], title: "Security update for git", tracking: { current_release_date: "2020-04-28T05:15:55Z", generator: { date: "2020-04-28T05:15:55Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2020:1121-1", initial_release_date: "2020-04-28T05:15:55Z", revision_history: [ { date: "2020-04-28T05:15:55Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "git-2.26.1-3.25.2.aarch64", product: { name: "git-2.26.1-3.25.2.aarch64", product_id: "git-2.26.1-3.25.2.aarch64", }, }, { category: "product_version", name: "git-arch-2.26.1-3.25.2.aarch64", product: { name: "git-arch-2.26.1-3.25.2.aarch64", product_id: "git-arch-2.26.1-3.25.2.aarch64", }, }, { category: "product_version", name: "git-core-2.26.1-3.25.2.aarch64", product: { name: "git-core-2.26.1-3.25.2.aarch64", product_id: "git-core-2.26.1-3.25.2.aarch64", }, }, { category: "product_version", name: "git-credential-gnome-keyring-2.26.1-3.25.2.aarch64", product: { name: "git-credential-gnome-keyring-2.26.1-3.25.2.aarch64", product_id: "git-credential-gnome-keyring-2.26.1-3.25.2.aarch64", }, }, { category: "product_version", name: "git-credential-libsecret-2.26.1-3.25.2.aarch64", product: { name: "git-credential-libsecret-2.26.1-3.25.2.aarch64", product_id: "git-credential-libsecret-2.26.1-3.25.2.aarch64", }, }, { category: "product_version", name: "git-cvs-2.26.1-3.25.2.aarch64", product: { name: "git-cvs-2.26.1-3.25.2.aarch64", product_id: "git-cvs-2.26.1-3.25.2.aarch64", }, }, { category: "product_version", name: "git-daemon-2.26.1-3.25.2.aarch64", product: { name: "git-daemon-2.26.1-3.25.2.aarch64", product_id: "git-daemon-2.26.1-3.25.2.aarch64", }, }, { category: "product_version", name: "git-email-2.26.1-3.25.2.aarch64", product: { name: "git-email-2.26.1-3.25.2.aarch64", product_id: "git-email-2.26.1-3.25.2.aarch64", }, }, { category: "product_version", name: "git-gui-2.26.1-3.25.2.aarch64", product: { name: "git-gui-2.26.1-3.25.2.aarch64", product_id: "git-gui-2.26.1-3.25.2.aarch64", }, }, { category: "product_version", name: "git-p4-2.26.1-3.25.2.aarch64", product: { name: "git-p4-2.26.1-3.25.2.aarch64", product_id: "git-p4-2.26.1-3.25.2.aarch64", }, }, { category: "product_version", name: "git-svn-2.26.1-3.25.2.aarch64", product: { name: "git-svn-2.26.1-3.25.2.aarch64", product_id: "git-svn-2.26.1-3.25.2.aarch64", }, }, { category: "product_version", name: "git-web-2.26.1-3.25.2.aarch64", product: { name: "git-web-2.26.1-3.25.2.aarch64", product_id: "git-web-2.26.1-3.25.2.aarch64", }, }, { category: "product_version", name: "gitk-2.26.1-3.25.2.aarch64", product: { name: "gitk-2.26.1-3.25.2.aarch64", product_id: "gitk-2.26.1-3.25.2.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "git-2.26.1-3.25.2.i586", product: { name: "git-2.26.1-3.25.2.i586", product_id: "git-2.26.1-3.25.2.i586", }, }, { category: "product_version", name: "git-arch-2.26.1-3.25.2.i586", product: { name: "git-arch-2.26.1-3.25.2.i586", product_id: "git-arch-2.26.1-3.25.2.i586", }, }, { category: "product_version", name: "git-core-2.26.1-3.25.2.i586", product: { name: "git-core-2.26.1-3.25.2.i586", product_id: "git-core-2.26.1-3.25.2.i586", }, }, { category: "product_version", name: "git-credential-gnome-keyring-2.26.1-3.25.2.i586", product: { name: "git-credential-gnome-keyring-2.26.1-3.25.2.i586", product_id: "git-credential-gnome-keyring-2.26.1-3.25.2.i586", }, }, { category: "product_version", name: "git-credential-libsecret-2.26.1-3.25.2.i586", product: { name: "git-credential-libsecret-2.26.1-3.25.2.i586", product_id: "git-credential-libsecret-2.26.1-3.25.2.i586", }, }, { category: "product_version", name: "git-cvs-2.26.1-3.25.2.i586", product: { name: "git-cvs-2.26.1-3.25.2.i586", product_id: "git-cvs-2.26.1-3.25.2.i586", }, }, { category: "product_version", name: "git-daemon-2.26.1-3.25.2.i586", product: { name: "git-daemon-2.26.1-3.25.2.i586", product_id: "git-daemon-2.26.1-3.25.2.i586", }, }, { category: "product_version", name: "git-email-2.26.1-3.25.2.i586", product: { name: "git-email-2.26.1-3.25.2.i586", product_id: "git-email-2.26.1-3.25.2.i586", }, }, { category: "product_version", name: "git-gui-2.26.1-3.25.2.i586", product: { name: "git-gui-2.26.1-3.25.2.i586", product_id: "git-gui-2.26.1-3.25.2.i586", }, }, { category: "product_version", name: "git-p4-2.26.1-3.25.2.i586", product: { name: "git-p4-2.26.1-3.25.2.i586", product_id: "git-p4-2.26.1-3.25.2.i586", }, }, { category: "product_version", name: "git-svn-2.26.1-3.25.2.i586", product: { name: "git-svn-2.26.1-3.25.2.i586", product_id: "git-svn-2.26.1-3.25.2.i586", }, }, { category: "product_version", name: "git-web-2.26.1-3.25.2.i586", product: { name: "git-web-2.26.1-3.25.2.i586", product_id: "git-web-2.26.1-3.25.2.i586", }, }, { category: "product_version", name: "gitk-2.26.1-3.25.2.i586", product: { name: "gitk-2.26.1-3.25.2.i586", product_id: "gitk-2.26.1-3.25.2.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "git-doc-2.26.1-3.25.2.noarch", product: { name: "git-doc-2.26.1-3.25.2.noarch", product_id: "git-doc-2.26.1-3.25.2.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "git-2.26.1-3.25.2.ppc64le", product: { name: "git-2.26.1-3.25.2.ppc64le", product_id: "git-2.26.1-3.25.2.ppc64le", }, }, { category: "product_version", name: "git-arch-2.26.1-3.25.2.ppc64le", product: { name: "git-arch-2.26.1-3.25.2.ppc64le", product_id: "git-arch-2.26.1-3.25.2.ppc64le", }, }, { category: "product_version", name: "git-core-2.26.1-3.25.2.ppc64le", product: { name: "git-core-2.26.1-3.25.2.ppc64le", product_id: "git-core-2.26.1-3.25.2.ppc64le", }, }, { category: "product_version", name: "git-credential-gnome-keyring-2.26.1-3.25.2.ppc64le", product: { name: "git-credential-gnome-keyring-2.26.1-3.25.2.ppc64le", product_id: "git-credential-gnome-keyring-2.26.1-3.25.2.ppc64le", }, }, { category: "product_version", name: "git-credential-libsecret-2.26.1-3.25.2.ppc64le", product: { name: "git-credential-libsecret-2.26.1-3.25.2.ppc64le", product_id: "git-credential-libsecret-2.26.1-3.25.2.ppc64le", }, }, { category: "product_version", name: "git-cvs-2.26.1-3.25.2.ppc64le", product: { name: "git-cvs-2.26.1-3.25.2.ppc64le", product_id: "git-cvs-2.26.1-3.25.2.ppc64le", }, }, { category: "product_version", name: "git-daemon-2.26.1-3.25.2.ppc64le", product: { name: "git-daemon-2.26.1-3.25.2.ppc64le", product_id: "git-daemon-2.26.1-3.25.2.ppc64le", }, }, { category: "product_version", name: "git-email-2.26.1-3.25.2.ppc64le", product: { name: "git-email-2.26.1-3.25.2.ppc64le", product_id: "git-email-2.26.1-3.25.2.ppc64le", }, }, { category: "product_version", name: "git-gui-2.26.1-3.25.2.ppc64le", product: { name: "git-gui-2.26.1-3.25.2.ppc64le", product_id: "git-gui-2.26.1-3.25.2.ppc64le", }, }, { category: "product_version", name: "git-p4-2.26.1-3.25.2.ppc64le", product: { name: "git-p4-2.26.1-3.25.2.ppc64le", product_id: "git-p4-2.26.1-3.25.2.ppc64le", }, }, { category: "product_version", name: "git-svn-2.26.1-3.25.2.ppc64le", product: { name: "git-svn-2.26.1-3.25.2.ppc64le", product_id: "git-svn-2.26.1-3.25.2.ppc64le", }, }, { category: "product_version", name: "git-web-2.26.1-3.25.2.ppc64le", product: { name: "git-web-2.26.1-3.25.2.ppc64le", product_id: "git-web-2.26.1-3.25.2.ppc64le", }, }, { category: "product_version", name: "gitk-2.26.1-3.25.2.ppc64le", product: { name: "gitk-2.26.1-3.25.2.ppc64le", product_id: "gitk-2.26.1-3.25.2.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "git-2.26.1-3.25.2.s390x", product: { name: "git-2.26.1-3.25.2.s390x", product_id: "git-2.26.1-3.25.2.s390x", }, }, { category: "product_version", name: "git-arch-2.26.1-3.25.2.s390x", product: { name: "git-arch-2.26.1-3.25.2.s390x", product_id: "git-arch-2.26.1-3.25.2.s390x", }, }, { category: "product_version", name: "git-core-2.26.1-3.25.2.s390x", product: { name: "git-core-2.26.1-3.25.2.s390x", product_id: "git-core-2.26.1-3.25.2.s390x", }, }, { category: "product_version", name: "git-credential-gnome-keyring-2.26.1-3.25.2.s390x", product: { name: "git-credential-gnome-keyring-2.26.1-3.25.2.s390x", product_id: "git-credential-gnome-keyring-2.26.1-3.25.2.s390x", }, }, { category: "product_version", name: "git-credential-libsecret-2.26.1-3.25.2.s390x", product: { name: "git-credential-libsecret-2.26.1-3.25.2.s390x", product_id: "git-credential-libsecret-2.26.1-3.25.2.s390x", }, }, { category: "product_version", name: "git-cvs-2.26.1-3.25.2.s390x", product: { name: "git-cvs-2.26.1-3.25.2.s390x", product_id: "git-cvs-2.26.1-3.25.2.s390x", }, }, { category: "product_version", name: "git-daemon-2.26.1-3.25.2.s390x", product: { name: "git-daemon-2.26.1-3.25.2.s390x", product_id: "git-daemon-2.26.1-3.25.2.s390x", }, }, { category: "product_version", name: "git-email-2.26.1-3.25.2.s390x", product: { name: "git-email-2.26.1-3.25.2.s390x", product_id: "git-email-2.26.1-3.25.2.s390x", }, }, { category: "product_version", name: "git-gui-2.26.1-3.25.2.s390x", product: { name: "git-gui-2.26.1-3.25.2.s390x", product_id: "git-gui-2.26.1-3.25.2.s390x", }, }, { category: "product_version", name: "git-p4-2.26.1-3.25.2.s390x", product: { name: "git-p4-2.26.1-3.25.2.s390x", product_id: "git-p4-2.26.1-3.25.2.s390x", }, }, { category: "product_version", name: "git-svn-2.26.1-3.25.2.s390x", product: { name: "git-svn-2.26.1-3.25.2.s390x", product_id: "git-svn-2.26.1-3.25.2.s390x", }, }, { category: "product_version", name: "git-web-2.26.1-3.25.2.s390x", product: { name: "git-web-2.26.1-3.25.2.s390x", product_id: "git-web-2.26.1-3.25.2.s390x", }, }, { category: "product_version", name: "gitk-2.26.1-3.25.2.s390x", product: { name: "gitk-2.26.1-3.25.2.s390x", product_id: "gitk-2.26.1-3.25.2.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "git-2.26.1-3.25.2.x86_64", product: { name: "git-2.26.1-3.25.2.x86_64", product_id: "git-2.26.1-3.25.2.x86_64", }, }, { category: "product_version", name: "git-arch-2.26.1-3.25.2.x86_64", product: { name: "git-arch-2.26.1-3.25.2.x86_64", product_id: "git-arch-2.26.1-3.25.2.x86_64", }, }, { category: "product_version", name: "git-core-2.26.1-3.25.2.x86_64", product: { name: "git-core-2.26.1-3.25.2.x86_64", product_id: "git-core-2.26.1-3.25.2.x86_64", }, }, { category: "product_version", name: "git-credential-gnome-keyring-2.26.1-3.25.2.x86_64", product: { name: "git-credential-gnome-keyring-2.26.1-3.25.2.x86_64", product_id: "git-credential-gnome-keyring-2.26.1-3.25.2.x86_64", }, }, { category: "product_version", name: "git-credential-libsecret-2.26.1-3.25.2.x86_64", product: { name: "git-credential-libsecret-2.26.1-3.25.2.x86_64", product_id: "git-credential-libsecret-2.26.1-3.25.2.x86_64", }, }, { category: "product_version", name: "git-cvs-2.26.1-3.25.2.x86_64", product: { name: "git-cvs-2.26.1-3.25.2.x86_64", product_id: "git-cvs-2.26.1-3.25.2.x86_64", }, }, { category: "product_version", name: "git-daemon-2.26.1-3.25.2.x86_64", product: { name: "git-daemon-2.26.1-3.25.2.x86_64", product_id: "git-daemon-2.26.1-3.25.2.x86_64", }, }, { category: "product_version", name: "git-email-2.26.1-3.25.2.x86_64", product: { name: "git-email-2.26.1-3.25.2.x86_64", product_id: "git-email-2.26.1-3.25.2.x86_64", }, }, { category: "product_version", name: "git-gui-2.26.1-3.25.2.x86_64", product: { name: "git-gui-2.26.1-3.25.2.x86_64", product_id: "git-gui-2.26.1-3.25.2.x86_64", }, }, { category: "product_version", name: "git-p4-2.26.1-3.25.2.x86_64", product: { name: "git-p4-2.26.1-3.25.2.x86_64", product_id: "git-p4-2.26.1-3.25.2.x86_64", }, }, { category: "product_version", name: "git-svn-2.26.1-3.25.2.x86_64", product: { name: "git-svn-2.26.1-3.25.2.x86_64", product_id: "git-svn-2.26.1-3.25.2.x86_64", }, }, { category: "product_version", name: "git-web-2.26.1-3.25.2.x86_64", product: { name: "git-web-2.26.1-3.25.2.x86_64", product_id: "git-web-2.26.1-3.25.2.x86_64", }, }, { category: "product_version", name: "gitk-2.26.1-3.25.2.x86_64", product: { name: "gitk-2.26.1-3.25.2.x86_64", product_id: "gitk-2.26.1-3.25.2.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Module for Basesystem 15 SP1", product: { name: "SUSE Linux Enterprise Module for Basesystem 15 SP1", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP1", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-basesystem:15:sp1", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Module for Development Tools 15 SP1", product: { name: "SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-development-tools:15:sp1", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "git-core-2.26.1-3.25.2.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.aarch64", }, product_reference: "git-core-2.26.1-3.25.2.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-core-2.26.1-3.25.2.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.ppc64le", }, product_reference: "git-core-2.26.1-3.25.2.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-core-2.26.1-3.25.2.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.s390x", }, product_reference: "git-core-2.26.1-3.25.2.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-core-2.26.1-3.25.2.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.x86_64", }, product_reference: "git-core-2.26.1-3.25.2.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-2.26.1-3.25.2.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.aarch64", }, product_reference: "git-2.26.1-3.25.2.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-2.26.1-3.25.2.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.ppc64le", }, product_reference: "git-2.26.1-3.25.2.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-2.26.1-3.25.2.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.s390x", }, product_reference: "git-2.26.1-3.25.2.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-2.26.1-3.25.2.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.x86_64", }, product_reference: "git-2.26.1-3.25.2.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-arch-2.26.1-3.25.2.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.aarch64", }, product_reference: "git-arch-2.26.1-3.25.2.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-arch-2.26.1-3.25.2.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.ppc64le", }, product_reference: "git-arch-2.26.1-3.25.2.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-arch-2.26.1-3.25.2.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.s390x", }, product_reference: "git-arch-2.26.1-3.25.2.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-arch-2.26.1-3.25.2.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.x86_64", }, product_reference: "git-arch-2.26.1-3.25.2.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-cvs-2.26.1-3.25.2.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.aarch64", }, product_reference: "git-cvs-2.26.1-3.25.2.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-cvs-2.26.1-3.25.2.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.ppc64le", }, product_reference: "git-cvs-2.26.1-3.25.2.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-cvs-2.26.1-3.25.2.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.s390x", }, product_reference: "git-cvs-2.26.1-3.25.2.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-cvs-2.26.1-3.25.2.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.x86_64", }, product_reference: "git-cvs-2.26.1-3.25.2.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-daemon-2.26.1-3.25.2.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.aarch64", }, product_reference: "git-daemon-2.26.1-3.25.2.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-daemon-2.26.1-3.25.2.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.ppc64le", }, product_reference: "git-daemon-2.26.1-3.25.2.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-daemon-2.26.1-3.25.2.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.s390x", }, product_reference: "git-daemon-2.26.1-3.25.2.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-daemon-2.26.1-3.25.2.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.x86_64", }, product_reference: "git-daemon-2.26.1-3.25.2.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-doc-2.26.1-3.25.2.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.26.1-3.25.2.noarch", }, product_reference: "git-doc-2.26.1-3.25.2.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-email-2.26.1-3.25.2.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.aarch64", }, product_reference: "git-email-2.26.1-3.25.2.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-email-2.26.1-3.25.2.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.ppc64le", }, product_reference: "git-email-2.26.1-3.25.2.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-email-2.26.1-3.25.2.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.s390x", }, product_reference: "git-email-2.26.1-3.25.2.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-email-2.26.1-3.25.2.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.x86_64", }, product_reference: "git-email-2.26.1-3.25.2.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-gui-2.26.1-3.25.2.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.aarch64", }, product_reference: "git-gui-2.26.1-3.25.2.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-gui-2.26.1-3.25.2.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.ppc64le", }, product_reference: "git-gui-2.26.1-3.25.2.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-gui-2.26.1-3.25.2.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.s390x", }, product_reference: "git-gui-2.26.1-3.25.2.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-gui-2.26.1-3.25.2.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.x86_64", }, product_reference: "git-gui-2.26.1-3.25.2.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-svn-2.26.1-3.25.2.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.aarch64", }, product_reference: "git-svn-2.26.1-3.25.2.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-svn-2.26.1-3.25.2.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.ppc64le", }, product_reference: "git-svn-2.26.1-3.25.2.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-svn-2.26.1-3.25.2.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.s390x", }, product_reference: "git-svn-2.26.1-3.25.2.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-svn-2.26.1-3.25.2.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.x86_64", }, product_reference: "git-svn-2.26.1-3.25.2.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-web-2.26.1-3.25.2.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.aarch64", }, product_reference: "git-web-2.26.1-3.25.2.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-web-2.26.1-3.25.2.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.ppc64le", }, product_reference: "git-web-2.26.1-3.25.2.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-web-2.26.1-3.25.2.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.s390x", }, product_reference: "git-web-2.26.1-3.25.2.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-web-2.26.1-3.25.2.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.x86_64", }, product_reference: "git-web-2.26.1-3.25.2.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "gitk-2.26.1-3.25.2.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.aarch64", }, product_reference: "gitk-2.26.1-3.25.2.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "gitk-2.26.1-3.25.2.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.ppc64le", }, product_reference: "gitk-2.26.1-3.25.2.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "gitk-2.26.1-3.25.2.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.s390x", }, product_reference: "gitk-2.26.1-3.25.2.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "gitk-2.26.1-3.25.2.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.x86_64", }, product_reference: "gitk-2.26.1-3.25.2.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, ], }, vulnerabilities: [ { cve: "CVE-2017-15298", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-15298", }, ], notes: [ { category: "general", text: "Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb. This can also have an impact of disk consumption; however, an affected process typically would not survive its attempt to build the data structure in memory before writing to disk.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.26.1-3.25.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-15298", url: "https://www.suse.com/security/cve/CVE-2017-15298", }, { category: "external", summary: "SUSE Bug 1063412 for CVE-2017-15298", url: "https://bugzilla.suse.com/1063412", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.26.1-3.25.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.26.1-3.25.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-04-28T05:15:55Z", details: "moderate", }, ], title: "CVE-2017-15298", }, { cve: "CVE-2018-11233", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-11233", }, ], notes: [ { category: "general", text: "In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.26.1-3.25.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-11233", url: "https://www.suse.com/security/cve/CVE-2018-11233", }, { category: "external", summary: "SUSE Bug 1095218 for CVE-2018-11233", url: "https://bugzilla.suse.com/1095218", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.26.1-3.25.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.26.1-3.25.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-04-28T05:15:55Z", details: "important", }, ], title: "CVE-2018-11233", }, { cve: "CVE-2018-11235", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-11235", }, ], notes: [ { category: "general", text: "In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs \"git clone --recurse-submodules\" because submodule \"names\" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with \"../\" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.26.1-3.25.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-11235", url: "https://www.suse.com/security/cve/CVE-2018-11235", }, { category: "external", summary: "SUSE Bug 1095219 for CVE-2018-11235", url: "https://bugzilla.suse.com/1095219", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.26.1-3.25.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.26.1-3.25.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-04-28T05:15:55Z", details: "important", }, ], title: "CVE-2018-11235", }, { cve: "CVE-2018-17456", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-17456", }, ], notes: [ { category: "general", text: "Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive \"git clone\" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.26.1-3.25.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-17456", url: "https://www.suse.com/security/cve/CVE-2018-17456", }, { category: "external", summary: "SUSE Bug 1110949 for CVE-2018-17456", url: "https://bugzilla.suse.com/1110949", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.26.1-3.25.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.26.1-3.25.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-04-28T05:15:55Z", details: "important", }, ], title: "CVE-2018-17456", }, { cve: "CVE-2019-1348", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-1348", }, ], notes: [ { category: "general", text: "An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.26.1-3.25.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-1348", url: "https://www.suse.com/security/cve/CVE-2019-1348", }, { category: "external", summary: "SUSE Bug 1158785 for CVE-2019-1348", url: "https://bugzilla.suse.com/1158785", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.26.1-3.25.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.26.1-3.25.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-04-28T05:15:55Z", details: "low", }, ], title: "CVE-2019-1348", }, { cve: "CVE-2019-1349", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-1349", }, ], notes: [ { category: "general", text: "A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1350, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.26.1-3.25.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-1349", url: "https://www.suse.com/security/cve/CVE-2019-1349", }, { category: "external", summary: "SUSE Bug 1158785 for CVE-2019-1349", url: "https://bugzilla.suse.com/1158785", }, { category: "external", summary: "SUSE Bug 1158787 for CVE-2019-1349", url: "https://bugzilla.suse.com/1158787", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.26.1-3.25.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.26.1-3.25.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-04-28T05:15:55Z", details: "critical", }, ], title: "CVE-2019-1349", }, { cve: "CVE-2019-1350", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-1350", }, ], notes: [ { category: "general", text: "A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.26.1-3.25.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-1350", url: "https://www.suse.com/security/cve/CVE-2019-1350", }, { category: "external", summary: "SUSE Bug 1158785 for CVE-2019-1350", url: "https://bugzilla.suse.com/1158785", }, { category: "external", summary: "SUSE Bug 1158788 for CVE-2019-1350", url: "https://bugzilla.suse.com/1158788", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.26.1-3.25.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.26.1-3.25.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-04-28T05:15:55Z", details: "critical", }, ], title: "CVE-2019-1350", }, { cve: "CVE-2019-1351", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-1351", }, ], notes: [ { category: "general", text: "A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths, aka 'Git for Visual Studio Tampering Vulnerability'.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.26.1-3.25.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-1351", url: "https://www.suse.com/security/cve/CVE-2019-1351", }, { category: "external", summary: "SUSE Bug 1158785 for CVE-2019-1351", url: "https://bugzilla.suse.com/1158785", }, { category: "external", summary: "SUSE Bug 1158789 for CVE-2019-1351", url: "https://bugzilla.suse.com/1158789", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.26.1-3.25.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.26.1-3.25.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-04-28T05:15:55Z", details: "important", }, ], title: "CVE-2019-1351", }, { cve: "CVE-2019-1352", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-1352", }, ], notes: [ { category: "general", text: "A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1354, CVE-2019-1387.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.26.1-3.25.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-1352", url: "https://www.suse.com/security/cve/CVE-2019-1352", }, { category: "external", summary: "SUSE Bug 1158785 for CVE-2019-1352", url: "https://bugzilla.suse.com/1158785", }, { category: "external", summary: "SUSE Bug 1158787 for CVE-2019-1352", url: "https://bugzilla.suse.com/1158787", }, { category: "external", summary: "SUSE Bug 1158790 for CVE-2019-1352", url: "https://bugzilla.suse.com/1158790", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.26.1-3.25.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.26.1-3.25.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-04-28T05:15:55Z", details: "critical", }, ], title: "CVE-2019-1352", }, { cve: "CVE-2019-1353", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-1353", }, ], notes: [ { category: "general", text: "An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as \"WSL\") while accessing a working directory on a regular Windows drive, none of the NTFS protections were active.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.26.1-3.25.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-1353", url: "https://www.suse.com/security/cve/CVE-2019-1353", }, { category: "external", summary: "SUSE Bug 1158785 for CVE-2019-1353", url: "https://bugzilla.suse.com/1158785", }, { category: "external", summary: "SUSE Bug 1158791 for CVE-2019-1353", url: "https://bugzilla.suse.com/1158791", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.26.1-3.25.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.26.1-3.25.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-04-28T05:15:55Z", details: "critical", }, ], title: "CVE-2019-1353", }, { cve: "CVE-2019-1354", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-1354", }, ], notes: [ { category: "general", text: "A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1352, CVE-2019-1387.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.26.1-3.25.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-1354", url: "https://www.suse.com/security/cve/CVE-2019-1354", }, { category: "external", summary: "SUSE Bug 1158785 for CVE-2019-1354", url: "https://bugzilla.suse.com/1158785", }, { category: "external", summary: "SUSE Bug 1158792 for CVE-2019-1354", url: "https://bugzilla.suse.com/1158792", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.26.1-3.25.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 0, baseSeverity: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.26.1-3.25.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-04-28T05:15:55Z", details: "low", }, ], title: "CVE-2019-1354", }, { cve: "CVE-2019-1387", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-1387", }, ], notes: [ { category: "general", text: "An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.26.1-3.25.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-1387", url: "https://www.suse.com/security/cve/CVE-2019-1387", }, { category: "external", summary: "SUSE Bug 1158785 for CVE-2019-1387", url: "https://bugzilla.suse.com/1158785", }, { category: "external", summary: "SUSE Bug 1158793 for CVE-2019-1387", url: "https://bugzilla.suse.com/1158793", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.26.1-3.25.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.26.1-3.25.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-04-28T05:15:55Z", details: "important", }, ], title: "CVE-2019-1387", }, { cve: "CVE-2019-19604", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-19604", }, ], notes: [ { category: "general", text: "Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a \"git submodule update\" operation can run commands found in the .gitmodules file of a malicious repository.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.26.1-3.25.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-19604", url: "https://www.suse.com/security/cve/CVE-2019-19604", }, { category: "external", summary: "SUSE Bug 1158785 for CVE-2019-19604", url: "https://bugzilla.suse.com/1158785", }, { category: "external", summary: "SUSE Bug 1158795 for CVE-2019-19604", url: "https://bugzilla.suse.com/1158795", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.26.1-3.25.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.26.1-3.25.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-04-28T05:15:55Z", details: "critical", }, ], title: "CVE-2019-19604", }, { cve: "CVE-2020-11008", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-11008", }, ], notes: [ { category: "general", text: "Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open for an exploit where _some_ credential is leaked (but the attacker cannot control which one). Git uses external \"credential helper\" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that are considered illegal as of the recently published Git versions can cause Git to send a \"blank\" pattern to helpers, missing hostname and protocol fields. Many helpers will interpret this as matching _any_ URL, and will return some unspecified stored password, leaking the password to an attacker's server. The vulnerability can be triggered by feeding a malicious URL to `git clone`. However, the affected URLs look rather suspicious; the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The root of the problem is in Git itself, which should not be feeding blank input to helpers. However, the ability to exploit the vulnerability in practice depends on which helpers are in use. Credential helpers which are known to trigger the vulnerability: - Git's \"store\" helper - Git's \"cache\" helper - the \"osxkeychain\" helper that ships in Git's \"contrib\" directory Credential helpers which are known to be safe even with vulnerable versions of Git: - Git Credential Manager for Windows Any helper not in this list should be assumed to trigger the vulnerability.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.26.1-3.25.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-11008", url: "https://www.suse.com/security/cve/CVE-2020-11008", }, { category: "external", summary: "SUSE Bug 1169936 for CVE-2020-11008", url: "https://bugzilla.suse.com/1169936", }, { category: "external", summary: "SUSE Bug 1170741 for CVE-2020-11008", url: "https://bugzilla.suse.com/1170741", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.26.1-3.25.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.26.1-3.25.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-04-28T05:15:55Z", details: "moderate", }, ], title: "CVE-2020-11008", }, { cve: "CVE-2020-5260", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-5260", }, ], notes: [ { category: "general", text: "Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external \"credential helper\" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that contain an encoded newline can inject unintended values into the credential helper protocol stream, causing the credential helper to retrieve the password for one server (e.g., good.example.com) for an HTTP request being made to another server (e.g., evil.example.com), resulting in credentials for the former being sent to the latter. There are no restrictions on the relationship between the two, meaning that an attacker can craft a URL that will present stored credentials for any host to a host of their choosing. The vulnerability can be triggered by feeding a malicious URL to git clone. However, the affected URLs look rather suspicious; the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The problem has been patched in the versions published on April 14th, 2020, going back to v2.17.x. Anyone wishing to backport the change further can do so by applying commit 9a6bbee (the full release includes extra checks for git fsck, but that commit is sufficient to protect clients against the vulnerability). The patched versions are: 2.17.4, 2.18.3, 2.19.4, 2.20.3, 2.21.2, 2.22.3, 2.23.2, 2.24.2, 2.25.3, 2.26.1.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.26.1-3.25.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-5260", url: "https://www.suse.com/security/cve/CVE-2020-5260", }, { category: "external", summary: "SUSE Bug 1168930 for CVE-2020-5260", url: "https://bugzilla.suse.com/1168930", }, { category: "external", summary: "SUSE Bug 1169936 for CVE-2020-5260", url: "https://bugzilla.suse.com/1169936", }, { category: "external", summary: "SUSE Bug 1170741 for CVE-2020-5260", url: "https://bugzilla.suse.com/1170741", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.26.1-3.25.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.26.1-3.25.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.26.1-3.25.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.26.1-3.25.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-04-28T05:15:55Z", details: "important", }, ], title: "CVE-2020-5260", }, ], }
suse-su-2020:0045-1
Vulnerability from csaf_suse
Published
2020-01-08 13:57
Modified
2020-01-08 13:57
Summary
Security update for git
Notes
Title of the patch
Security update for git
Description of the patch
This update for git fixes the following issues:
Security issues fixed:
- CVE-2019-1349: Fixed issue on Windows, when submodules are cloned recursively, under certain circumstances Git could be fooled into using the same Git directory twice (bsc#1158787).
- CVE-2019-19604: Fixed a recursive clone followed by a submodule update could execute code contained within the repository without the user explicitly having asked for that (bsc#1158795).
- CVE-2019-1387: Fixed recursive clones that are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones (bsc#1158793).
- CVE-2019-1354: Fixed issue on Windows that refuses to write tracked files with filenames that contain backslashes (bsc#1158792).
- CVE-2019-1353: Fixed issue when run in the Windows Subsystem for Linux while accessing a working directory on a regular Windows drive, none of the NTFS protections were active (bsc#1158791).
- CVE-2019-1352: Fixed issue on Windows was unaware of NTFS Alternate Data Streams (bsc#1158790).
- CVE-2019-1351: Fixed issue on Windows mistakes drive letters outside of the US-English alphabet as relative paths (bsc#1158789).
- CVE-2019-1350: Fixed incorrect quoting of command-line arguments allowed remote code execution during a recursive clone in conjunction with SSH URLs (bsc#1158788).
- CVE-2019-1348: Fixed the --export-marks option of fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths (bsc#1158785).
- Fixes an issue where git send-email failed to authenticate with SMTP server (bsc#1082023)
Bug fixes:
- Add zlib dependency, which used to be provided by openssl-devel, so that package can compile successfully after openssl upgrade to 1.1.1. (bsc#1149792).
Patchnames
SUSE-2020-45,SUSE-SLE-Module-Basesystem-15-2020-45,SUSE-SLE-Module-Basesystem-15-SP1-2020-45,SUSE-SLE-Module-Development-Tools-15-2020-45,SUSE-SLE-Module-Development-Tools-15-SP1-2020-45,SUSE-SLE-Module-Development-Tools-OBS-15-2020-45,SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-45
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for git", title: "Title of the patch", }, { category: "description", text: "This update for git fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-1349: Fixed issue on Windows, when submodules are cloned recursively, under certain circumstances Git could be fooled into using the same Git directory twice (bsc#1158787).\n- CVE-2019-19604: Fixed a recursive clone followed by a submodule update could execute code contained within the repository without the user explicitly having asked for that (bsc#1158795).\n- CVE-2019-1387: Fixed recursive clones that are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones (bsc#1158793).\n- CVE-2019-1354: Fixed issue on Windows that refuses to write tracked files with filenames that contain backslashes (bsc#1158792).\n- CVE-2019-1353: Fixed issue when run in the Windows Subsystem for Linux while accessing a working directory on a regular Windows drive, none of the NTFS protections were active (bsc#1158791).\n- CVE-2019-1352: Fixed issue on Windows was unaware of NTFS Alternate Data Streams (bsc#1158790).\n- CVE-2019-1351: Fixed issue on Windows mistakes drive letters outside of the US-English alphabet as relative paths (bsc#1158789).\n- CVE-2019-1350: Fixed incorrect quoting of command-line arguments allowed remote code execution during a recursive clone in conjunction with SSH URLs (bsc#1158788).\n- CVE-2019-1348: Fixed the --export-marks option of fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths (bsc#1158785).\n- Fixes an issue where git send-email failed to authenticate with SMTP server (bsc#1082023)\n\nBug fixes:\n\n- Add zlib dependency, which used to be provided by openssl-devel, so that package can compile successfully after openssl upgrade to 1.1.1. (bsc#1149792).\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2020-45,SUSE-SLE-Module-Basesystem-15-2020-45,SUSE-SLE-Module-Basesystem-15-SP1-2020-45,SUSE-SLE-Module-Development-Tools-15-2020-45,SUSE-SLE-Module-Development-Tools-15-SP1-2020-45,SUSE-SLE-Module-Development-Tools-OBS-15-2020-45,SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-45", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_0045-1.json", }, { category: "self", summary: "URL for SUSE-SU-2020:0045-1", url: "https://www.suse.com/support/update/announcement/2020/suse-su-20200045-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2020:0045-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2020-January/006313.html", }, { category: "self", summary: "SUSE Bug 1082023", url: "https://bugzilla.suse.com/1082023", }, { category: "self", summary: "SUSE Bug 1149792", url: "https://bugzilla.suse.com/1149792", }, { category: "self", summary: "SUSE Bug 1158785", url: "https://bugzilla.suse.com/1158785", }, { category: "self", summary: "SUSE Bug 1158787", url: "https://bugzilla.suse.com/1158787", }, { category: "self", summary: "SUSE Bug 1158788", url: "https://bugzilla.suse.com/1158788", }, { category: "self", summary: "SUSE Bug 1158789", url: "https://bugzilla.suse.com/1158789", }, { category: "self", summary: "SUSE Bug 1158790", url: "https://bugzilla.suse.com/1158790", }, { category: "self", summary: "SUSE Bug 1158791", url: "https://bugzilla.suse.com/1158791", }, { category: "self", summary: "SUSE Bug 1158792", url: "https://bugzilla.suse.com/1158792", }, { category: "self", summary: "SUSE Bug 1158793", url: "https://bugzilla.suse.com/1158793", }, { category: "self", summary: "SUSE Bug 1158795", url: "https://bugzilla.suse.com/1158795", }, { category: "self", summary: "SUSE CVE CVE-2019-1348 page", url: "https://www.suse.com/security/cve/CVE-2019-1348/", }, { category: "self", summary: "SUSE CVE CVE-2019-1349 page", url: "https://www.suse.com/security/cve/CVE-2019-1349/", }, { category: "self", summary: "SUSE CVE CVE-2019-1350 page", url: "https://www.suse.com/security/cve/CVE-2019-1350/", }, { category: "self", summary: "SUSE CVE CVE-2019-1351 page", url: "https://www.suse.com/security/cve/CVE-2019-1351/", }, { category: "self", summary: "SUSE CVE CVE-2019-1352 page", url: "https://www.suse.com/security/cve/CVE-2019-1352/", }, { category: "self", summary: "SUSE CVE CVE-2019-1353 page", url: "https://www.suse.com/security/cve/CVE-2019-1353/", }, { category: "self", summary: "SUSE CVE CVE-2019-1354 page", url: "https://www.suse.com/security/cve/CVE-2019-1354/", }, { category: "self", summary: "SUSE CVE CVE-2019-1387 page", url: "https://www.suse.com/security/cve/CVE-2019-1387/", }, { category: "self", summary: "SUSE CVE CVE-2019-19604 page", url: "https://www.suse.com/security/cve/CVE-2019-19604/", }, ], title: "Security update for git", tracking: { current_release_date: "2020-01-08T13:57:05Z", generator: { date: "2020-01-08T13:57:05Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2020:0045-1", initial_release_date: "2020-01-08T13:57:05Z", revision_history: [ { date: "2020-01-08T13:57:05Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "git-2.16.4-3.17.2.aarch64", product: { name: "git-2.16.4-3.17.2.aarch64", product_id: "git-2.16.4-3.17.2.aarch64", }, }, { category: "product_version", name: "git-arch-2.16.4-3.17.2.aarch64", product: { name: "git-arch-2.16.4-3.17.2.aarch64", product_id: "git-arch-2.16.4-3.17.2.aarch64", }, }, { category: "product_version", name: "git-core-2.16.4-3.17.2.aarch64", product: { name: "git-core-2.16.4-3.17.2.aarch64", product_id: "git-core-2.16.4-3.17.2.aarch64", }, }, { category: "product_version", name: "git-credential-gnome-keyring-2.16.4-3.17.2.aarch64", product: { name: "git-credential-gnome-keyring-2.16.4-3.17.2.aarch64", product_id: "git-credential-gnome-keyring-2.16.4-3.17.2.aarch64", }, }, { category: "product_version", name: "git-credential-libsecret-2.16.4-3.17.2.aarch64", product: { name: "git-credential-libsecret-2.16.4-3.17.2.aarch64", product_id: "git-credential-libsecret-2.16.4-3.17.2.aarch64", }, }, { category: "product_version", name: "git-cvs-2.16.4-3.17.2.aarch64", product: { name: "git-cvs-2.16.4-3.17.2.aarch64", product_id: "git-cvs-2.16.4-3.17.2.aarch64", }, }, { category: "product_version", name: "git-daemon-2.16.4-3.17.2.aarch64", product: { name: "git-daemon-2.16.4-3.17.2.aarch64", product_id: "git-daemon-2.16.4-3.17.2.aarch64", }, }, { category: "product_version", name: "git-email-2.16.4-3.17.2.aarch64", product: { name: "git-email-2.16.4-3.17.2.aarch64", product_id: "git-email-2.16.4-3.17.2.aarch64", }, }, { category: "product_version", name: "git-gui-2.16.4-3.17.2.aarch64", product: { name: "git-gui-2.16.4-3.17.2.aarch64", product_id: "git-gui-2.16.4-3.17.2.aarch64", }, }, { category: "product_version", name: "git-p4-2.16.4-3.17.2.aarch64", product: { name: "git-p4-2.16.4-3.17.2.aarch64", product_id: "git-p4-2.16.4-3.17.2.aarch64", }, }, { category: "product_version", name: "git-svn-2.16.4-3.17.2.aarch64", product: { name: "git-svn-2.16.4-3.17.2.aarch64", product_id: "git-svn-2.16.4-3.17.2.aarch64", }, }, { category: "product_version", name: "git-web-2.16.4-3.17.2.aarch64", product: { name: "git-web-2.16.4-3.17.2.aarch64", product_id: "git-web-2.16.4-3.17.2.aarch64", }, }, { category: "product_version", name: "gitk-2.16.4-3.17.2.aarch64", product: { name: "gitk-2.16.4-3.17.2.aarch64", product_id: "gitk-2.16.4-3.17.2.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "git-2.16.4-3.17.2.i586", product: { name: "git-2.16.4-3.17.2.i586", product_id: "git-2.16.4-3.17.2.i586", }, }, { category: "product_version", name: "git-arch-2.16.4-3.17.2.i586", product: { name: "git-arch-2.16.4-3.17.2.i586", product_id: "git-arch-2.16.4-3.17.2.i586", }, }, { category: "product_version", name: "git-core-2.16.4-3.17.2.i586", product: { name: "git-core-2.16.4-3.17.2.i586", product_id: "git-core-2.16.4-3.17.2.i586", }, }, { category: "product_version", name: "git-credential-gnome-keyring-2.16.4-3.17.2.i586", product: { name: "git-credential-gnome-keyring-2.16.4-3.17.2.i586", product_id: "git-credential-gnome-keyring-2.16.4-3.17.2.i586", }, }, { category: "product_version", name: "git-credential-libsecret-2.16.4-3.17.2.i586", product: { name: "git-credential-libsecret-2.16.4-3.17.2.i586", product_id: "git-credential-libsecret-2.16.4-3.17.2.i586", }, }, { category: "product_version", name: "git-cvs-2.16.4-3.17.2.i586", product: { name: "git-cvs-2.16.4-3.17.2.i586", product_id: "git-cvs-2.16.4-3.17.2.i586", }, }, { category: "product_version", name: "git-daemon-2.16.4-3.17.2.i586", product: { name: "git-daemon-2.16.4-3.17.2.i586", product_id: "git-daemon-2.16.4-3.17.2.i586", }, }, { category: "product_version", name: "git-email-2.16.4-3.17.2.i586", product: { name: "git-email-2.16.4-3.17.2.i586", product_id: "git-email-2.16.4-3.17.2.i586", }, }, { category: "product_version", name: "git-gui-2.16.4-3.17.2.i586", product: { name: "git-gui-2.16.4-3.17.2.i586", product_id: "git-gui-2.16.4-3.17.2.i586", }, }, { category: "product_version", name: "git-p4-2.16.4-3.17.2.i586", product: { name: "git-p4-2.16.4-3.17.2.i586", product_id: "git-p4-2.16.4-3.17.2.i586", }, }, { category: "product_version", name: "git-svn-2.16.4-3.17.2.i586", product: { name: "git-svn-2.16.4-3.17.2.i586", product_id: "git-svn-2.16.4-3.17.2.i586", }, }, { category: "product_version", name: "git-web-2.16.4-3.17.2.i586", product: { name: "git-web-2.16.4-3.17.2.i586", product_id: "git-web-2.16.4-3.17.2.i586", }, }, { category: "product_version", name: "gitk-2.16.4-3.17.2.i586", product: { name: "gitk-2.16.4-3.17.2.i586", product_id: "gitk-2.16.4-3.17.2.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "git-doc-2.16.4-3.17.2.noarch", product: { name: "git-doc-2.16.4-3.17.2.noarch", product_id: "git-doc-2.16.4-3.17.2.noarch", }, }, { category: "product_version", name: "perl-Authen-SASL-2.16-1.3.1.noarch", product: { name: "perl-Authen-SASL-2.16-1.3.1.noarch", product_id: "perl-Authen-SASL-2.16-1.3.1.noarch", }, }, { category: "product_version", name: "perl-Net-SMTP-SSL-1.04-1.3.1.noarch", product: { name: "perl-Net-SMTP-SSL-1.04-1.3.1.noarch", product_id: "perl-Net-SMTP-SSL-1.04-1.3.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "git-2.16.4-3.17.2.ppc64le", product: { name: "git-2.16.4-3.17.2.ppc64le", product_id: "git-2.16.4-3.17.2.ppc64le", }, }, { category: "product_version", name: "git-arch-2.16.4-3.17.2.ppc64le", product: { name: "git-arch-2.16.4-3.17.2.ppc64le", product_id: "git-arch-2.16.4-3.17.2.ppc64le", }, }, { category: "product_version", name: "git-core-2.16.4-3.17.2.ppc64le", product: { name: "git-core-2.16.4-3.17.2.ppc64le", product_id: "git-core-2.16.4-3.17.2.ppc64le", }, }, { category: "product_version", name: "git-credential-gnome-keyring-2.16.4-3.17.2.ppc64le", product: { name: "git-credential-gnome-keyring-2.16.4-3.17.2.ppc64le", product_id: "git-credential-gnome-keyring-2.16.4-3.17.2.ppc64le", }, }, { category: "product_version", name: "git-credential-libsecret-2.16.4-3.17.2.ppc64le", product: { name: "git-credential-libsecret-2.16.4-3.17.2.ppc64le", product_id: "git-credential-libsecret-2.16.4-3.17.2.ppc64le", }, }, { category: "product_version", name: "git-cvs-2.16.4-3.17.2.ppc64le", product: { name: "git-cvs-2.16.4-3.17.2.ppc64le", product_id: "git-cvs-2.16.4-3.17.2.ppc64le", }, }, { category: "product_version", name: "git-daemon-2.16.4-3.17.2.ppc64le", product: { name: "git-daemon-2.16.4-3.17.2.ppc64le", product_id: "git-daemon-2.16.4-3.17.2.ppc64le", }, }, { category: "product_version", name: "git-email-2.16.4-3.17.2.ppc64le", product: { name: "git-email-2.16.4-3.17.2.ppc64le", product_id: "git-email-2.16.4-3.17.2.ppc64le", }, }, { category: "product_version", name: "git-gui-2.16.4-3.17.2.ppc64le", product: { name: "git-gui-2.16.4-3.17.2.ppc64le", product_id: "git-gui-2.16.4-3.17.2.ppc64le", }, }, { category: "product_version", name: "git-p4-2.16.4-3.17.2.ppc64le", product: { name: "git-p4-2.16.4-3.17.2.ppc64le", product_id: "git-p4-2.16.4-3.17.2.ppc64le", }, }, { category: "product_version", name: "git-svn-2.16.4-3.17.2.ppc64le", product: { name: "git-svn-2.16.4-3.17.2.ppc64le", product_id: "git-svn-2.16.4-3.17.2.ppc64le", }, }, { category: "product_version", name: "git-web-2.16.4-3.17.2.ppc64le", product: { name: "git-web-2.16.4-3.17.2.ppc64le", product_id: "git-web-2.16.4-3.17.2.ppc64le", }, }, { category: "product_version", name: "gitk-2.16.4-3.17.2.ppc64le", product: { name: "gitk-2.16.4-3.17.2.ppc64le", product_id: "gitk-2.16.4-3.17.2.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "git-2.16.4-3.17.2.s390x", product: { name: "git-2.16.4-3.17.2.s390x", product_id: "git-2.16.4-3.17.2.s390x", }, }, { category: "product_version", name: "git-arch-2.16.4-3.17.2.s390x", product: { name: "git-arch-2.16.4-3.17.2.s390x", product_id: "git-arch-2.16.4-3.17.2.s390x", }, }, { category: "product_version", name: "git-core-2.16.4-3.17.2.s390x", product: { name: "git-core-2.16.4-3.17.2.s390x", product_id: "git-core-2.16.4-3.17.2.s390x", }, }, { category: "product_version", name: "git-credential-gnome-keyring-2.16.4-3.17.2.s390x", product: { name: "git-credential-gnome-keyring-2.16.4-3.17.2.s390x", product_id: "git-credential-gnome-keyring-2.16.4-3.17.2.s390x", }, }, { category: "product_version", name: "git-credential-libsecret-2.16.4-3.17.2.s390x", product: { name: "git-credential-libsecret-2.16.4-3.17.2.s390x", product_id: "git-credential-libsecret-2.16.4-3.17.2.s390x", }, }, { category: "product_version", name: "git-cvs-2.16.4-3.17.2.s390x", product: { name: "git-cvs-2.16.4-3.17.2.s390x", product_id: "git-cvs-2.16.4-3.17.2.s390x", }, }, { category: "product_version", name: "git-daemon-2.16.4-3.17.2.s390x", product: { name: "git-daemon-2.16.4-3.17.2.s390x", product_id: "git-daemon-2.16.4-3.17.2.s390x", }, }, { category: "product_version", name: "git-email-2.16.4-3.17.2.s390x", product: { name: "git-email-2.16.4-3.17.2.s390x", product_id: "git-email-2.16.4-3.17.2.s390x", }, }, { category: "product_version", name: "git-gui-2.16.4-3.17.2.s390x", product: { name: "git-gui-2.16.4-3.17.2.s390x", product_id: "git-gui-2.16.4-3.17.2.s390x", }, }, { category: "product_version", name: "git-p4-2.16.4-3.17.2.s390x", product: { name: "git-p4-2.16.4-3.17.2.s390x", product_id: "git-p4-2.16.4-3.17.2.s390x", }, }, { category: "product_version", name: "git-svn-2.16.4-3.17.2.s390x", product: { name: "git-svn-2.16.4-3.17.2.s390x", product_id: "git-svn-2.16.4-3.17.2.s390x", }, }, { category: "product_version", name: "git-web-2.16.4-3.17.2.s390x", product: { name: "git-web-2.16.4-3.17.2.s390x", product_id: "git-web-2.16.4-3.17.2.s390x", }, }, { category: "product_version", name: "gitk-2.16.4-3.17.2.s390x", product: { name: "gitk-2.16.4-3.17.2.s390x", product_id: "gitk-2.16.4-3.17.2.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "git-2.16.4-3.17.2.x86_64", product: { name: "git-2.16.4-3.17.2.x86_64", product_id: "git-2.16.4-3.17.2.x86_64", }, }, { category: "product_version", name: "git-arch-2.16.4-3.17.2.x86_64", product: { name: "git-arch-2.16.4-3.17.2.x86_64", product_id: "git-arch-2.16.4-3.17.2.x86_64", }, }, { category: "product_version", name: "git-core-2.16.4-3.17.2.x86_64", product: { name: "git-core-2.16.4-3.17.2.x86_64", product_id: "git-core-2.16.4-3.17.2.x86_64", }, }, { category: "product_version", name: "git-credential-gnome-keyring-2.16.4-3.17.2.x86_64", product: { name: "git-credential-gnome-keyring-2.16.4-3.17.2.x86_64", product_id: "git-credential-gnome-keyring-2.16.4-3.17.2.x86_64", }, }, { category: "product_version", name: "git-credential-libsecret-2.16.4-3.17.2.x86_64", product: { name: "git-credential-libsecret-2.16.4-3.17.2.x86_64", product_id: "git-credential-libsecret-2.16.4-3.17.2.x86_64", }, }, { category: "product_version", name: "git-cvs-2.16.4-3.17.2.x86_64", product: { name: "git-cvs-2.16.4-3.17.2.x86_64", product_id: "git-cvs-2.16.4-3.17.2.x86_64", }, }, { category: "product_version", name: "git-daemon-2.16.4-3.17.2.x86_64", product: { name: "git-daemon-2.16.4-3.17.2.x86_64", product_id: "git-daemon-2.16.4-3.17.2.x86_64", }, }, { category: "product_version", name: "git-email-2.16.4-3.17.2.x86_64", product: { name: "git-email-2.16.4-3.17.2.x86_64", product_id: "git-email-2.16.4-3.17.2.x86_64", }, }, { category: "product_version", name: "git-gui-2.16.4-3.17.2.x86_64", product: { name: "git-gui-2.16.4-3.17.2.x86_64", product_id: "git-gui-2.16.4-3.17.2.x86_64", }, }, { category: "product_version", name: "git-p4-2.16.4-3.17.2.x86_64", product: { name: "git-p4-2.16.4-3.17.2.x86_64", product_id: "git-p4-2.16.4-3.17.2.x86_64", }, }, { category: "product_version", name: "git-svn-2.16.4-3.17.2.x86_64", product: { name: "git-svn-2.16.4-3.17.2.x86_64", product_id: "git-svn-2.16.4-3.17.2.x86_64", }, }, { category: "product_version", name: "git-web-2.16.4-3.17.2.x86_64", product: { name: "git-web-2.16.4-3.17.2.x86_64", product_id: "git-web-2.16.4-3.17.2.x86_64", }, }, { category: "product_version", name: "gitk-2.16.4-3.17.2.x86_64", product: { name: "gitk-2.16.4-3.17.2.x86_64", product_id: "gitk-2.16.4-3.17.2.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Module for Basesystem 15", product: { name: "SUSE Linux Enterprise Module for Basesystem 15", product_id: "SUSE Linux Enterprise Module for Basesystem 15", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-basesystem:15", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Module for Basesystem 15 SP1", product: { name: "SUSE Linux Enterprise Module for Basesystem 15 SP1", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP1", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-basesystem:15:sp1", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Module for Development Tools 15", product: { name: "SUSE Linux Enterprise Module for Development Tools 15", product_id: "SUSE Linux Enterprise Module for Development Tools 15", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-development-tools:15", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Module for Development Tools 15 SP1", product: { name: "SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-development-tools:15:sp1", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "git-core-2.16.4-3.17.2.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15", product_id: "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.aarch64", }, product_reference: "git-core-2.16.4-3.17.2.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15", }, { category: "default_component_of", full_product_name: { name: "git-core-2.16.4-3.17.2.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15", product_id: "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.ppc64le", }, product_reference: "git-core-2.16.4-3.17.2.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15", }, { category: "default_component_of", full_product_name: { name: "git-core-2.16.4-3.17.2.s390x as component of SUSE Linux Enterprise Module for Basesystem 15", product_id: "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.s390x", }, product_reference: "git-core-2.16.4-3.17.2.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15", }, { category: "default_component_of", full_product_name: { name: "git-core-2.16.4-3.17.2.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15", product_id: "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.x86_64", }, product_reference: "git-core-2.16.4-3.17.2.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15", }, { category: "default_component_of", full_product_name: { name: "git-core-2.16.4-3.17.2.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.aarch64", }, product_reference: "git-core-2.16.4-3.17.2.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-core-2.16.4-3.17.2.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.ppc64le", }, product_reference: "git-core-2.16.4-3.17.2.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-core-2.16.4-3.17.2.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.s390x", }, product_reference: "git-core-2.16.4-3.17.2.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-core-2.16.4-3.17.2.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.x86_64", }, product_reference: "git-core-2.16.4-3.17.2.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-2.16.4-3.17.2.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15", product_id: "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.aarch64", }, product_reference: "git-2.16.4-3.17.2.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15", }, { category: "default_component_of", full_product_name: { name: "git-2.16.4-3.17.2.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15", product_id: "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.ppc64le", }, product_reference: "git-2.16.4-3.17.2.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15", }, { category: "default_component_of", full_product_name: { name: "git-2.16.4-3.17.2.s390x as component of SUSE Linux Enterprise Module for Development Tools 15", product_id: "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.s390x", }, product_reference: "git-2.16.4-3.17.2.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15", }, { category: "default_component_of", full_product_name: { name: "git-2.16.4-3.17.2.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15", product_id: "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.x86_64", }, product_reference: "git-2.16.4-3.17.2.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15", }, { category: "default_component_of", full_product_name: { name: "git-arch-2.16.4-3.17.2.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15", product_id: "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.aarch64", }, product_reference: "git-arch-2.16.4-3.17.2.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15", }, { category: "default_component_of", full_product_name: { name: "git-arch-2.16.4-3.17.2.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15", product_id: "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.ppc64le", }, product_reference: "git-arch-2.16.4-3.17.2.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15", }, { category: "default_component_of", full_product_name: { name: "git-arch-2.16.4-3.17.2.s390x as component of SUSE Linux Enterprise Module for Development Tools 15", product_id: "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.s390x", }, product_reference: "git-arch-2.16.4-3.17.2.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15", }, { category: "default_component_of", full_product_name: { name: "git-arch-2.16.4-3.17.2.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15", product_id: "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.x86_64", }, product_reference: "git-arch-2.16.4-3.17.2.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15", }, { category: "default_component_of", full_product_name: { name: "git-cvs-2.16.4-3.17.2.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15", product_id: "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.aarch64", }, product_reference: "git-cvs-2.16.4-3.17.2.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15", }, { category: "default_component_of", full_product_name: { name: "git-cvs-2.16.4-3.17.2.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15", product_id: "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.ppc64le", }, product_reference: "git-cvs-2.16.4-3.17.2.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15", }, { category: "default_component_of", full_product_name: { name: "git-cvs-2.16.4-3.17.2.s390x as component of SUSE Linux Enterprise Module for Development Tools 15", product_id: "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.s390x", }, product_reference: "git-cvs-2.16.4-3.17.2.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15", }, { category: "default_component_of", full_product_name: { name: "git-cvs-2.16.4-3.17.2.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15", product_id: "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.x86_64", }, product_reference: "git-cvs-2.16.4-3.17.2.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15", }, { category: "default_component_of", full_product_name: { name: "git-daemon-2.16.4-3.17.2.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15", product_id: "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.aarch64", }, product_reference: "git-daemon-2.16.4-3.17.2.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15", }, { category: "default_component_of", full_product_name: { name: "git-daemon-2.16.4-3.17.2.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15", product_id: "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.ppc64le", }, product_reference: "git-daemon-2.16.4-3.17.2.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15", }, { category: "default_component_of", full_product_name: { name: "git-daemon-2.16.4-3.17.2.s390x as component of SUSE Linux Enterprise Module for Development Tools 15", product_id: "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.s390x", }, product_reference: "git-daemon-2.16.4-3.17.2.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15", }, { category: "default_component_of", full_product_name: { name: "git-daemon-2.16.4-3.17.2.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15", product_id: "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.x86_64", }, product_reference: "git-daemon-2.16.4-3.17.2.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15", }, { category: "default_component_of", full_product_name: { name: "git-doc-2.16.4-3.17.2.noarch as component of SUSE Linux Enterprise Module for Development Tools 15", product_id: "SUSE Linux Enterprise Module for Development Tools 15:git-doc-2.16.4-3.17.2.noarch", }, product_reference: "git-doc-2.16.4-3.17.2.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15", }, { category: "default_component_of", full_product_name: { name: "git-email-2.16.4-3.17.2.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15", product_id: "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.aarch64", }, product_reference: "git-email-2.16.4-3.17.2.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15", }, { category: "default_component_of", full_product_name: { name: "git-email-2.16.4-3.17.2.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15", product_id: "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.ppc64le", }, product_reference: "git-email-2.16.4-3.17.2.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15", }, { category: "default_component_of", full_product_name: { name: "git-email-2.16.4-3.17.2.s390x as component of SUSE Linux Enterprise Module for Development Tools 15", product_id: "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.s390x", }, product_reference: "git-email-2.16.4-3.17.2.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15", }, { category: "default_component_of", full_product_name: { name: "git-email-2.16.4-3.17.2.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15", product_id: "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.x86_64", }, product_reference: "git-email-2.16.4-3.17.2.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15", }, { category: "default_component_of", full_product_name: { name: "git-gui-2.16.4-3.17.2.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15", product_id: "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.aarch64", }, product_reference: "git-gui-2.16.4-3.17.2.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15", }, { category: "default_component_of", full_product_name: { name: "git-gui-2.16.4-3.17.2.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15", product_id: "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.ppc64le", }, product_reference: "git-gui-2.16.4-3.17.2.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15", }, { category: "default_component_of", full_product_name: { name: "git-gui-2.16.4-3.17.2.s390x as component of SUSE Linux Enterprise Module for Development Tools 15", product_id: "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.s390x", }, product_reference: "git-gui-2.16.4-3.17.2.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15", }, { category: "default_component_of", full_product_name: { name: "git-gui-2.16.4-3.17.2.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15", product_id: "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.x86_64", }, product_reference: "git-gui-2.16.4-3.17.2.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15", }, { category: "default_component_of", full_product_name: { name: "git-svn-2.16.4-3.17.2.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15", product_id: "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.aarch64", }, product_reference: "git-svn-2.16.4-3.17.2.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15", }, { category: "default_component_of", full_product_name: { name: "git-svn-2.16.4-3.17.2.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15", product_id: "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.ppc64le", }, product_reference: "git-svn-2.16.4-3.17.2.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15", }, { category: "default_component_of", full_product_name: { name: "git-svn-2.16.4-3.17.2.s390x as component of SUSE Linux Enterprise Module for Development Tools 15", product_id: "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.s390x", }, product_reference: "git-svn-2.16.4-3.17.2.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15", }, { category: "default_component_of", full_product_name: { name: "git-svn-2.16.4-3.17.2.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15", product_id: "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.x86_64", }, product_reference: "git-svn-2.16.4-3.17.2.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15", }, { category: "default_component_of", full_product_name: { name: "git-web-2.16.4-3.17.2.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15", product_id: "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.aarch64", }, product_reference: "git-web-2.16.4-3.17.2.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15", }, { category: "default_component_of", full_product_name: { name: "git-web-2.16.4-3.17.2.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15", product_id: "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.ppc64le", }, product_reference: "git-web-2.16.4-3.17.2.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15", }, { category: "default_component_of", full_product_name: { name: "git-web-2.16.4-3.17.2.s390x as component of SUSE Linux Enterprise Module for Development Tools 15", product_id: "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.s390x", }, product_reference: "git-web-2.16.4-3.17.2.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15", }, { category: "default_component_of", full_product_name: { name: "git-web-2.16.4-3.17.2.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15", product_id: "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.x86_64", }, product_reference: "git-web-2.16.4-3.17.2.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15", }, { category: "default_component_of", full_product_name: { name: "gitk-2.16.4-3.17.2.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15", product_id: "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.aarch64", }, product_reference: "gitk-2.16.4-3.17.2.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15", }, { category: "default_component_of", full_product_name: { name: "gitk-2.16.4-3.17.2.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15", product_id: "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.ppc64le", }, product_reference: "gitk-2.16.4-3.17.2.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15", }, { category: "default_component_of", full_product_name: { name: "gitk-2.16.4-3.17.2.s390x as component of SUSE Linux Enterprise Module for Development Tools 15", product_id: "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.s390x", }, product_reference: "gitk-2.16.4-3.17.2.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15", }, { category: "default_component_of", full_product_name: { name: "gitk-2.16.4-3.17.2.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15", product_id: "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.x86_64", }, product_reference: "gitk-2.16.4-3.17.2.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15", }, { category: "default_component_of", full_product_name: { name: "perl-Authen-SASL-2.16-1.3.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15", product_id: "SUSE Linux Enterprise Module for Development Tools 15:perl-Authen-SASL-2.16-1.3.1.noarch", }, product_reference: "perl-Authen-SASL-2.16-1.3.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15", }, { category: "default_component_of", full_product_name: { name: "perl-Net-SMTP-SSL-1.04-1.3.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15", product_id: "SUSE Linux Enterprise Module for Development Tools 15:perl-Net-SMTP-SSL-1.04-1.3.1.noarch", }, product_reference: "perl-Net-SMTP-SSL-1.04-1.3.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15", }, { category: "default_component_of", full_product_name: { name: "git-2.16.4-3.17.2.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.aarch64", }, product_reference: "git-2.16.4-3.17.2.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-2.16.4-3.17.2.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.ppc64le", }, product_reference: "git-2.16.4-3.17.2.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-2.16.4-3.17.2.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.s390x", }, product_reference: "git-2.16.4-3.17.2.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-2.16.4-3.17.2.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.x86_64", }, product_reference: "git-2.16.4-3.17.2.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-arch-2.16.4-3.17.2.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.aarch64", }, product_reference: "git-arch-2.16.4-3.17.2.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-arch-2.16.4-3.17.2.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.ppc64le", }, product_reference: "git-arch-2.16.4-3.17.2.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-arch-2.16.4-3.17.2.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.s390x", }, product_reference: "git-arch-2.16.4-3.17.2.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-arch-2.16.4-3.17.2.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.x86_64", }, product_reference: "git-arch-2.16.4-3.17.2.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-cvs-2.16.4-3.17.2.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.aarch64", }, product_reference: "git-cvs-2.16.4-3.17.2.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-cvs-2.16.4-3.17.2.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.ppc64le", }, product_reference: "git-cvs-2.16.4-3.17.2.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-cvs-2.16.4-3.17.2.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.s390x", }, product_reference: "git-cvs-2.16.4-3.17.2.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-cvs-2.16.4-3.17.2.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.x86_64", }, product_reference: "git-cvs-2.16.4-3.17.2.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-daemon-2.16.4-3.17.2.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.aarch64", }, product_reference: "git-daemon-2.16.4-3.17.2.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-daemon-2.16.4-3.17.2.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.ppc64le", }, product_reference: "git-daemon-2.16.4-3.17.2.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-daemon-2.16.4-3.17.2.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.s390x", }, product_reference: "git-daemon-2.16.4-3.17.2.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-daemon-2.16.4-3.17.2.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.x86_64", }, product_reference: "git-daemon-2.16.4-3.17.2.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-doc-2.16.4-3.17.2.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.16.4-3.17.2.noarch", }, product_reference: "git-doc-2.16.4-3.17.2.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-email-2.16.4-3.17.2.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.aarch64", }, product_reference: "git-email-2.16.4-3.17.2.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-email-2.16.4-3.17.2.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.ppc64le", }, product_reference: "git-email-2.16.4-3.17.2.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-email-2.16.4-3.17.2.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.s390x", }, product_reference: "git-email-2.16.4-3.17.2.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-email-2.16.4-3.17.2.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.x86_64", }, product_reference: "git-email-2.16.4-3.17.2.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-gui-2.16.4-3.17.2.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.aarch64", }, product_reference: "git-gui-2.16.4-3.17.2.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-gui-2.16.4-3.17.2.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.ppc64le", }, product_reference: "git-gui-2.16.4-3.17.2.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-gui-2.16.4-3.17.2.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.s390x", }, product_reference: "git-gui-2.16.4-3.17.2.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-gui-2.16.4-3.17.2.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.x86_64", }, product_reference: "git-gui-2.16.4-3.17.2.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-svn-2.16.4-3.17.2.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.aarch64", }, product_reference: "git-svn-2.16.4-3.17.2.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-svn-2.16.4-3.17.2.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.ppc64le", }, product_reference: "git-svn-2.16.4-3.17.2.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-svn-2.16.4-3.17.2.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.s390x", }, product_reference: "git-svn-2.16.4-3.17.2.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-svn-2.16.4-3.17.2.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.x86_64", }, product_reference: "git-svn-2.16.4-3.17.2.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-web-2.16.4-3.17.2.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.aarch64", }, product_reference: "git-web-2.16.4-3.17.2.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-web-2.16.4-3.17.2.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.ppc64le", }, product_reference: "git-web-2.16.4-3.17.2.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-web-2.16.4-3.17.2.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.s390x", }, product_reference: "git-web-2.16.4-3.17.2.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "git-web-2.16.4-3.17.2.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.x86_64", }, product_reference: "git-web-2.16.4-3.17.2.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "gitk-2.16.4-3.17.2.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.aarch64", }, product_reference: "gitk-2.16.4-3.17.2.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "gitk-2.16.4-3.17.2.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.ppc64le", }, product_reference: "gitk-2.16.4-3.17.2.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "gitk-2.16.4-3.17.2.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.s390x", }, product_reference: "gitk-2.16.4-3.17.2.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "gitk-2.16.4-3.17.2.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.x86_64", }, product_reference: "gitk-2.16.4-3.17.2.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "perl-Authen-SASL-2.16-1.3.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:perl-Authen-SASL-2.16-1.3.1.noarch", }, product_reference: "perl-Authen-SASL-2.16-1.3.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, { category: "default_component_of", full_product_name: { name: "perl-Net-SMTP-SSL-1.04-1.3.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP1", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP1:perl-Net-SMTP-SSL-1.04-1.3.1.noarch", }, product_reference: "perl-Net-SMTP-SSL-1.04-1.3.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP1", }, ], }, vulnerabilities: [ { cve: "CVE-2019-1348", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-1348", }, ], notes: [ { category: "general", text: "An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.16.4-3.17.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:perl-Authen-SASL-2.16-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:perl-Net-SMTP-SSL-1.04-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-doc-2.16.4-3.17.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:perl-Authen-SASL-2.16-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15:perl-Net-SMTP-SSL-1.04-1.3.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2019-1348", url: "https://www.suse.com/security/cve/CVE-2019-1348", }, { category: "external", summary: "SUSE Bug 1158785 for CVE-2019-1348", url: "https://bugzilla.suse.com/1158785", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.16.4-3.17.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:perl-Authen-SASL-2.16-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:perl-Net-SMTP-SSL-1.04-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-doc-2.16.4-3.17.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:perl-Authen-SASL-2.16-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15:perl-Net-SMTP-SSL-1.04-1.3.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.16.4-3.17.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:perl-Authen-SASL-2.16-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:perl-Net-SMTP-SSL-1.04-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-doc-2.16.4-3.17.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:perl-Authen-SASL-2.16-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15:perl-Net-SMTP-SSL-1.04-1.3.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-01-08T13:57:05Z", details: "low", }, ], title: "CVE-2019-1348", }, { cve: "CVE-2019-1349", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-1349", }, ], notes: [ { category: "general", text: "A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1350, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.16.4-3.17.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:perl-Authen-SASL-2.16-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:perl-Net-SMTP-SSL-1.04-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-doc-2.16.4-3.17.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:perl-Authen-SASL-2.16-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15:perl-Net-SMTP-SSL-1.04-1.3.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2019-1349", url: "https://www.suse.com/security/cve/CVE-2019-1349", }, { category: "external", summary: "SUSE Bug 1158785 for CVE-2019-1349", url: "https://bugzilla.suse.com/1158785", }, { category: "external", summary: "SUSE Bug 1158787 for CVE-2019-1349", url: "https://bugzilla.suse.com/1158787", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.16.4-3.17.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:perl-Authen-SASL-2.16-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:perl-Net-SMTP-SSL-1.04-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-doc-2.16.4-3.17.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:perl-Authen-SASL-2.16-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15:perl-Net-SMTP-SSL-1.04-1.3.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.16.4-3.17.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:perl-Authen-SASL-2.16-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:perl-Net-SMTP-SSL-1.04-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-doc-2.16.4-3.17.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:perl-Authen-SASL-2.16-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15:perl-Net-SMTP-SSL-1.04-1.3.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-01-08T13:57:05Z", details: "critical", }, ], title: "CVE-2019-1349", }, { cve: "CVE-2019-1350", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-1350", }, ], notes: [ { category: "general", text: "A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.16.4-3.17.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:perl-Authen-SASL-2.16-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:perl-Net-SMTP-SSL-1.04-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-doc-2.16.4-3.17.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:perl-Authen-SASL-2.16-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15:perl-Net-SMTP-SSL-1.04-1.3.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2019-1350", url: "https://www.suse.com/security/cve/CVE-2019-1350", }, { category: "external", summary: "SUSE Bug 1158785 for CVE-2019-1350", url: "https://bugzilla.suse.com/1158785", }, { category: "external", summary: "SUSE Bug 1158788 for CVE-2019-1350", url: "https://bugzilla.suse.com/1158788", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.16.4-3.17.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:perl-Authen-SASL-2.16-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:perl-Net-SMTP-SSL-1.04-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-doc-2.16.4-3.17.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:perl-Authen-SASL-2.16-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15:perl-Net-SMTP-SSL-1.04-1.3.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.16.4-3.17.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:perl-Authen-SASL-2.16-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:perl-Net-SMTP-SSL-1.04-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-doc-2.16.4-3.17.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:perl-Authen-SASL-2.16-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15:perl-Net-SMTP-SSL-1.04-1.3.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-01-08T13:57:05Z", details: "critical", }, ], title: "CVE-2019-1350", }, { cve: "CVE-2019-1351", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-1351", }, ], notes: [ { category: "general", text: "A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths, aka 'Git for Visual Studio Tampering Vulnerability'.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.16.4-3.17.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:perl-Authen-SASL-2.16-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:perl-Net-SMTP-SSL-1.04-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-doc-2.16.4-3.17.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:perl-Authen-SASL-2.16-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15:perl-Net-SMTP-SSL-1.04-1.3.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2019-1351", url: "https://www.suse.com/security/cve/CVE-2019-1351", }, { category: "external", summary: "SUSE Bug 1158785 for CVE-2019-1351", url: "https://bugzilla.suse.com/1158785", }, { category: "external", summary: "SUSE Bug 1158789 for CVE-2019-1351", url: "https://bugzilla.suse.com/1158789", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.16.4-3.17.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:perl-Authen-SASL-2.16-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:perl-Net-SMTP-SSL-1.04-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-doc-2.16.4-3.17.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:perl-Authen-SASL-2.16-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15:perl-Net-SMTP-SSL-1.04-1.3.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.16.4-3.17.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:perl-Authen-SASL-2.16-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:perl-Net-SMTP-SSL-1.04-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-doc-2.16.4-3.17.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:perl-Authen-SASL-2.16-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15:perl-Net-SMTP-SSL-1.04-1.3.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-01-08T13:57:05Z", details: "important", }, ], title: "CVE-2019-1351", }, { cve: "CVE-2019-1352", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-1352", }, ], notes: [ { category: "general", text: "A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1354, CVE-2019-1387.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.16.4-3.17.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:perl-Authen-SASL-2.16-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:perl-Net-SMTP-SSL-1.04-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-doc-2.16.4-3.17.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:perl-Authen-SASL-2.16-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15:perl-Net-SMTP-SSL-1.04-1.3.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2019-1352", url: "https://www.suse.com/security/cve/CVE-2019-1352", }, { category: "external", summary: "SUSE Bug 1158785 for CVE-2019-1352", url: "https://bugzilla.suse.com/1158785", }, { category: "external", summary: "SUSE Bug 1158787 for CVE-2019-1352", url: "https://bugzilla.suse.com/1158787", }, { category: "external", summary: "SUSE Bug 1158790 for CVE-2019-1352", url: "https://bugzilla.suse.com/1158790", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.16.4-3.17.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:perl-Authen-SASL-2.16-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:perl-Net-SMTP-SSL-1.04-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-doc-2.16.4-3.17.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:perl-Authen-SASL-2.16-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15:perl-Net-SMTP-SSL-1.04-1.3.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.16.4-3.17.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:perl-Authen-SASL-2.16-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:perl-Net-SMTP-SSL-1.04-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-doc-2.16.4-3.17.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:perl-Authen-SASL-2.16-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15:perl-Net-SMTP-SSL-1.04-1.3.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-01-08T13:57:05Z", details: "critical", }, ], title: "CVE-2019-1352", }, { cve: "CVE-2019-1353", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-1353", }, ], notes: [ { category: "general", text: "An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as \"WSL\") while accessing a working directory on a regular Windows drive, none of the NTFS protections were active.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.16.4-3.17.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:perl-Authen-SASL-2.16-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:perl-Net-SMTP-SSL-1.04-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-doc-2.16.4-3.17.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:perl-Authen-SASL-2.16-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15:perl-Net-SMTP-SSL-1.04-1.3.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2019-1353", url: "https://www.suse.com/security/cve/CVE-2019-1353", }, { category: "external", summary: "SUSE Bug 1158785 for CVE-2019-1353", url: "https://bugzilla.suse.com/1158785", }, { category: "external", summary: "SUSE Bug 1158791 for CVE-2019-1353", url: "https://bugzilla.suse.com/1158791", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.16.4-3.17.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:perl-Authen-SASL-2.16-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:perl-Net-SMTP-SSL-1.04-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-doc-2.16.4-3.17.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:perl-Authen-SASL-2.16-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15:perl-Net-SMTP-SSL-1.04-1.3.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.16.4-3.17.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:perl-Authen-SASL-2.16-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:perl-Net-SMTP-SSL-1.04-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-doc-2.16.4-3.17.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:perl-Authen-SASL-2.16-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15:perl-Net-SMTP-SSL-1.04-1.3.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-01-08T13:57:05Z", details: "critical", }, ], title: "CVE-2019-1353", }, { cve: "CVE-2019-1354", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-1354", }, ], notes: [ { category: "general", text: "A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1352, CVE-2019-1387.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.16.4-3.17.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:perl-Authen-SASL-2.16-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:perl-Net-SMTP-SSL-1.04-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-doc-2.16.4-3.17.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:perl-Authen-SASL-2.16-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15:perl-Net-SMTP-SSL-1.04-1.3.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2019-1354", url: "https://www.suse.com/security/cve/CVE-2019-1354", }, { category: "external", summary: "SUSE Bug 1158785 for CVE-2019-1354", url: "https://bugzilla.suse.com/1158785", }, { category: "external", summary: "SUSE Bug 1158792 for CVE-2019-1354", url: "https://bugzilla.suse.com/1158792", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.16.4-3.17.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:perl-Authen-SASL-2.16-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:perl-Net-SMTP-SSL-1.04-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-doc-2.16.4-3.17.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:perl-Authen-SASL-2.16-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15:perl-Net-SMTP-SSL-1.04-1.3.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 0, baseSeverity: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.16.4-3.17.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:perl-Authen-SASL-2.16-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:perl-Net-SMTP-SSL-1.04-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-doc-2.16.4-3.17.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:perl-Authen-SASL-2.16-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15:perl-Net-SMTP-SSL-1.04-1.3.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-01-08T13:57:05Z", details: "low", }, ], title: "CVE-2019-1354", }, { cve: "CVE-2019-1387", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-1387", }, ], notes: [ { category: "general", text: "An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.16.4-3.17.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:perl-Authen-SASL-2.16-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:perl-Net-SMTP-SSL-1.04-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-doc-2.16.4-3.17.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:perl-Authen-SASL-2.16-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15:perl-Net-SMTP-SSL-1.04-1.3.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2019-1387", url: "https://www.suse.com/security/cve/CVE-2019-1387", }, { category: "external", summary: "SUSE Bug 1158785 for CVE-2019-1387", url: "https://bugzilla.suse.com/1158785", }, { category: "external", summary: "SUSE Bug 1158793 for CVE-2019-1387", url: "https://bugzilla.suse.com/1158793", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.16.4-3.17.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:perl-Authen-SASL-2.16-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:perl-Net-SMTP-SSL-1.04-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-doc-2.16.4-3.17.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:perl-Authen-SASL-2.16-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15:perl-Net-SMTP-SSL-1.04-1.3.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.16.4-3.17.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:perl-Authen-SASL-2.16-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:perl-Net-SMTP-SSL-1.04-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-doc-2.16.4-3.17.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:perl-Authen-SASL-2.16-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15:perl-Net-SMTP-SSL-1.04-1.3.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-01-08T13:57:05Z", details: "important", }, ], title: "CVE-2019-1387", }, { cve: "CVE-2019-19604", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-19604", }, ], notes: [ { category: "general", text: "Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a \"git submodule update\" operation can run commands found in the .gitmodules file of a malicious repository.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.16.4-3.17.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:perl-Authen-SASL-2.16-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:perl-Net-SMTP-SSL-1.04-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-doc-2.16.4-3.17.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:perl-Authen-SASL-2.16-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15:perl-Net-SMTP-SSL-1.04-1.3.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2019-19604", url: "https://www.suse.com/security/cve/CVE-2019-19604", }, { category: "external", summary: "SUSE Bug 1158785 for CVE-2019-19604", url: "https://bugzilla.suse.com/1158785", }, { category: "external", summary: "SUSE Bug 1158795 for CVE-2019-19604", url: "https://bugzilla.suse.com/1158795", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.16.4-3.17.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:perl-Authen-SASL-2.16-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:perl-Net-SMTP-SSL-1.04-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-doc-2.16.4-3.17.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:perl-Authen-SASL-2.16-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15:perl-Net-SMTP-SSL-1.04-1.3.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP1:git-core-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Basesystem 15:git-core-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-arch-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-cvs-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-daemon-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-doc-2.16.4-3.17.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-email-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-gui-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-svn-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:git-web-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP1:gitk-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP1:perl-Authen-SASL-2.16-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP1:perl-Net-SMTP-SSL-1.04-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-arch-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-cvs-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-daemon-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-doc-2.16.4-3.17.2.noarch", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-email-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-gui-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-svn-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:git-web-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.aarch64", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.s390x", "SUSE Linux Enterprise Module for Development Tools 15:gitk-2.16.4-3.17.2.x86_64", "SUSE Linux Enterprise Module for Development Tools 15:perl-Authen-SASL-2.16-1.3.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15:perl-Net-SMTP-SSL-1.04-1.3.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-01-08T13:57:05Z", details: "critical", }, ], title: "CVE-2019-19604", }, ], }
gsd-2019-1353
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as "WSL") while accessing a working directory on a regular Windows drive, none of the NTFS protections were active.
Aliases
Aliases
{ GSD: { alias: "CVE-2019-1353", description: "An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as \"WSL\") while accessing a working directory on a regular Windows drive, none of the NTFS protections were active.", id: "GSD-2019-1353", references: [ "https://www.suse.com/security/cve/CVE-2019-1353.html", "https://www.debian.org/security/2019/dsa-4581", "https://ubuntu.com/security/CVE-2019-1353", "https://security.archlinux.org/CVE-2019-1353", "https://alas.aws.amazon.com/cve/html/CVE-2019-1353.html", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2019-1353", ], details: "An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as \"WSL\") while accessing a working directory on a regular Windows drive, none of the NTFS protections were active.", id: "GSD-2019-1353", modified: "2023-12-13T01:23:51.025252Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2019-1353", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Git", version: { version_data: [ { version_value: "Before 2.24.1, 2.23.1, 2.22.2, 2.21.1, 2.20.2, 2.19.3, 2.18.2, 2.17.3, 2.16.6, 2.15.4, 2.14.6", }, ], }, }, ], }, vendor_name: "Microsoft Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as \"WSL\") while accessing a working directory on a regular Windows drive, none of the NTFS protections were active.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote Code Execution", }, ], }, ], }, references: { reference_data: [ { name: "https://lore.kernel.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/T/#u", refsource: "MISC", url: "https://lore.kernel.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/T/#u", }, { name: "https://public-inbox.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/", refsource: "MISC", url: "https://public-inbox.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/", }, { name: "openSUSE-SU-2020:0123", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html", }, { name: "GLSA-202003-30", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202003-30", }, { name: "openSUSE-SU-2020:0598", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html", }, ], }, }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.14.6", versionStartIncluding: "2.14.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.15.4", versionStartIncluding: "2.15.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.16.6", versionStartIncluding: "2.16.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.17.3", versionStartIncluding: "2.17.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.18.2", versionStartIncluding: "2.18.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.19.3", versionStartIncluding: "2.19.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.20.2", versionStartIncluding: "2.20.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.21.1", versionStartIncluding: "2.21.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.22.2", versionStartIncluding: "2.22.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.23.1", versionStartIncluding: "2.23.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.24.1", versionStartIncluding: "2.24.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2019-1353", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as \"WSL\") while accessing a working directory on a regular Windows drive, none of the NTFS protections were active.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], }, ], }, references: { reference_data: [ { name: "https://lore.kernel.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/T/#u", refsource: "MISC", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://lore.kernel.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/T/#u", }, { name: "https://public-inbox.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/", refsource: "MISC", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://public-inbox.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/", }, { name: "openSUSE-SU-2020:0123", refsource: "SUSE", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html", }, { name: "GLSA-202003-30", refsource: "GENTOO", tags: [], url: "https://security.gentoo.org/glsa/202003-30", }, { name: "openSUSE-SU-2020:0598", refsource: "SUSE", tags: [], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html", }, ], }, }, impact: { baseMetricV2: { acInsufInfo: false, cvssV2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", userInteractionRequired: false, }, baseMetricV3: { cvssV3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, }, }, lastModifiedDate: "2021-01-26T14:47Z", publishedDate: "2020-01-24T22:15Z", }, }, }
wid-sec-w-2022-1613
Vulnerability from csaf_certbund
Published
2019-12-10 23:00
Modified
2024-09-02 22:00
Summary
git: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Git ist eine freie Software zur verteilten Versionsverwaltung von Dateien.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in git ausnutzen, um beliebigen Programmcode mit Benutzerrechten auszuführen oder um Daten zu manipulieren.
Betroffene Betriebssysteme
- Appliance
- Linux
- UNIX
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Git ist eine freie Software zur verteilten Versionsverwaltung von Dateien.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in git ausnutzen, um beliebigen Programmcode mit Benutzerrechten auszuführen oder um Daten zu manipulieren.", title: "Angriff", }, { category: "general", text: "- Appliance\n- Linux\n- UNIX", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2022-1613 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2019/wid-sec-w-2022-1613.json", }, { category: "self", summary: "WID-SEC-2022-1613 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1613", }, { category: "external", summary: "CentOS Security Advisory CESA-2020:0124 vom 2020-01-18", url: "http://centos-announce.2309468.n4.nabble.com/CentOS-announce-CESA-2020-0124-Important-CentOS-7-git-Security-Update-tp4645808.html", }, { category: "external", summary: "CentOS Security Advisory CESA-2020:0124 vom 2020-01-18", url: "http://centos-announce.2309468.n4.nabble.com/CentOS-announce-CESA-2020-0124-Important-CentOS-6-git-Security-Update-tp4645805.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2020:0228 vom 2020-01-28", url: "https://access.redhat.com/errata/RHSA-2020:0228", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2020:0045-1 vom 2020-01-08", url: "https://www.suse.com/support/update/announcement/2020/suse-su-20200045-1.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2020:0124 vom 2020-01-16", url: "https://access.redhat.com/errata/RHSA-2020:0124", }, { category: "external", summary: "Ubuntu Security Notice USN-4220-1 vom 2019-12-10", url: "https://usn.ubuntu.com/4220-1/", }, { category: "external", summary: "Debian Security Advisory DSA-4581-1 vom 2019-12-10", url: "https://lists.debian.org/debian-security-announce/2019/msg00234.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2019:3311-1 vom 2019-12-16", url: "https://www.suse.com/support/update/announcement/2019/suse-su-20193311-1.html", }, { category: "external", summary: "Arch Linux Security Advisory ASA-201912-6 vom 2019-12-18", url: "https://security.archlinux.org/ASA-201912-6", }, { category: "external", summary: "Arch Linux Security Advisory ASA-201912-5 vom 2019-12-18", url: "https://security.archlinux.org/ASA-201912-5", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2019:4356 vom 2019-12-19", url: "https://access.redhat.com/errata/RHSA-2019:4356", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2020:0002 vom 2020-01-02", url: "https://access.redhat.com/errata/RHSA-2020:0002", }, { category: "external", summary: "AVAYA Security Advisory ASA-2020-004 vom 2020-01-29", url: "https://downloads.avaya.com/css/P8/documents/101063582", }, { category: "external", summary: "Debian Security Advisory DLA 2059 vom 2020-03-02", url: "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202001/msg00019.html", }, { category: "external", summary: "GENTOO Security Advisory GLSA/202003-42 vom 2020-03-19", url: "https://security.gentoo.org/glsa/202003-42", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2020:1475 vom 2020-04-14", url: "https://access.redhat.com/errata/RHSA-2020:1475", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2020:0992-1 vom 2020-04-24", url: "https://www.suse.com/support/update/announcement/2020/suse-su-20200992-1.html", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2020-0124 vom 2020-04-24", url: "https://oss.oracle.com/pipermail/el-errata/2020-January/009527.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2020:1121-1 vom 2020-04-28", url: "https://www.suse.com/support/update/announcement/2020/suse-su-20201121-1.html", }, { category: "external", summary: "Debian Security Advisory DLA-2936 vom 2022-03-21", url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2022:3495-1 vom 2022-10-04", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-October/012490.html", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS-2023-1943 vom 2023-02-22", url: "https://alas.aws.amazon.com/AL2/ALAS-2023-1943.html", }, { category: "external", summary: "Debian Security Advisory DLA-3844 vom 2024-06-26", url: "https://lists.debian.org/debian-lts-announce/2024/06/msg00018.html", }, { category: "external", summary: "Debian Security Advisory DLA-3867 vom 2024-09-03", url: "https://lists.debian.org/debian-lts-announce/2024/09/msg00009.html", }, ], source_lang: "en-US", title: "git: Mehrere Schwachstellen", tracking: { current_release_date: "2024-09-02T22:00:00.000+00:00", generator: { date: "2024-09-03T11:46:38.476+00:00", engine: { name: "BSI-WID", version: "1.3.6", }, }, id: "WID-SEC-W-2022-1613", initial_release_date: "2019-12-10T23:00:00.000+00:00", revision_history: [ { date: "2019-12-10T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2019-12-11T23:00:00.000+00:00", number: "2", summary: "Referenz(en) aufgenommen: FEDORA-2019-9C3D054F39", }, { date: "2019-12-16T23:00:00.000+00:00", number: "3", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2019-12-18T23:00:00.000+00:00", number: "4", summary: "Neue Updates von Arch Linux aufgenommen", }, { date: "2019-12-19T23:00:00.000+00:00", number: "5", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2020-01-01T23:00:00.000+00:00", number: "6", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2020-01-08T23:00:00.000+00:00", number: "7", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2020-01-16T23:00:00.000+00:00", number: "8", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2020-01-19T23:00:00.000+00:00", number: "9", summary: "Neue Updates von CentOS aufgenommen", }, { date: "2020-01-27T23:00:00.000+00:00", number: "10", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2020-01-28T23:00:00.000+00:00", number: "11", summary: "Neue Updates von AVAYA aufgenommen", }, { date: "2020-03-02T23:00:00.000+00:00", number: "12", summary: "Neue Updates von Debian aufgenommen", }, { date: "2020-03-19T23:00:00.000+00:00", number: "13", summary: "Neue Updates von GENTOO aufgenommen", }, { date: "2020-04-14T22:00:00.000+00:00", number: "14", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2020-04-23T22:00:00.000+00:00", number: "15", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2020-04-28T22:00:00.000+00:00", number: "16", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2022-03-20T23:00:00.000+00:00", number: "17", summary: "Neue Updates von Debian aufgenommen", }, { date: "2022-10-04T22:00:00.000+00:00", number: "18", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2023-02-22T23:00:00.000+00:00", number: "19", summary: "Neue Updates von Amazon aufgenommen", }, { date: "2024-06-25T22:00:00.000+00:00", number: "20", summary: "Neue Updates von Debian aufgenommen", }, { date: "2024-09-02T22:00:00.000+00:00", number: "21", summary: "Neue Updates von Debian aufgenommen", }, ], status: "final", version: "21", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Amazon Linux 2", product: { name: "Amazon Linux 2", product_id: "398363", product_identification_helper: { cpe: "cpe:/o:amazon:linux_2:-", }, }, }, ], category: "vendor", name: "Amazon", }, { branches: [ { category: "product_name", name: "Avaya Aura System Manager", product: { name: "Avaya Aura System Manager", product_id: "T015518", product_identification_helper: { cpe: "cpe:/a:avaya:aura_system_manager:-", }, }, }, ], category: "vendor", name: "Avaya", }, { branches: [ { category: "product_name", name: "Debian Linux", product: { name: "Debian Linux", product_id: "2951", product_identification_helper: { cpe: "cpe:/o:debian:debian_linux:-", }, }, }, ], category: "vendor", name: "Debian", }, { branches: [ { category: "product_name", name: "Gentoo Linux", product: { name: "Gentoo Linux", product_id: "T012167", product_identification_helper: { cpe: "cpe:/o:gentoo:linux:-", }, }, }, ], category: "vendor", name: "Gentoo", }, { branches: [ { category: "product_name", name: "Open Source Arch Linux", product: { name: "Open Source Arch Linux", product_id: "T013312", product_identification_helper: { cpe: "cpe:/o:archlinux:archlinux:-", }, }, }, { category: "product_name", name: "Open Source CentOS", product: { name: "Open Source CentOS", product_id: "1727", product_identification_helper: { cpe: "cpe:/o:centos:centos:-", }, }, }, { category: "product_name", name: "Open Source git", product: { name: "Open Source git", product_id: "T015510", product_identification_helper: { cpe: "cpe:/a:open_source:git:-", }, }, }, ], category: "vendor", name: "Open Source", }, { branches: [ { category: "product_name", name: "Oracle Linux", product: { name: "Oracle Linux", product_id: "T004914", product_identification_helper: { cpe: "cpe:/o:oracle:linux:-", }, }, }, ], category: "vendor", name: "Oracle", }, { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, ], category: "vendor", name: "Red Hat", }, { branches: [ { category: "product_name", name: "SUSE Linux", product: { name: "SUSE Linux", product_id: "T002207", product_identification_helper: { cpe: "cpe:/o:suse:suse_linux:-", }, }, }, ], category: "vendor", name: "SUSE", }, { branches: [ { category: "product_name", name: "Ubuntu Linux", product: { name: "Ubuntu Linux", product_id: "T000126", product_identification_helper: { cpe: "cpe:/o:canonical:ubuntu_linux:-", }, }, }, ], category: "vendor", name: "Ubuntu", }, ], }, vulnerabilities: [ { cve: "CVE-2019-1348", notes: [ { category: "description", text: "In git existieren mehrere Schwachstellen. Diese beruhen u. a. auf Fehlern bei der Verarbeitung von Eingaben oder bei der Umsetzung eingestellter Zugriffsprivilegien. Ein Angreifer kann dieses nutzen und Daten manipulieren oder Code mit den Privilegien des Angegriffenen zur Ausführung bringen. Zur erfolgreichen Ausnutzung dieser Schwachstellen ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T015518", "2951", "T002207", "67646", "T000126", "T013312", "398363", "T012167", "T015510", "1727", "T004914", ], }, release_date: "2019-12-10T23:00:00.000+00:00", title: "CVE-2019-1348", }, { cve: "CVE-2019-1349", notes: [ { category: "description", text: "In git existieren mehrere Schwachstellen. Diese beruhen u. a. auf Fehlern bei der Verarbeitung von Eingaben oder bei der Umsetzung eingestellter Zugriffsprivilegien. Ein Angreifer kann dieses nutzen und Daten manipulieren oder Code mit den Privilegien des Angegriffenen zur Ausführung bringen. Zur erfolgreichen Ausnutzung dieser Schwachstellen ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T015518", "2951", "T002207", "67646", "T000126", "T013312", "398363", "T012167", "T015510", "1727", "T004914", ], }, release_date: "2019-12-10T23:00:00.000+00:00", title: "CVE-2019-1349", }, { cve: "CVE-2019-1352", notes: [ { category: "description", text: "In git existieren mehrere Schwachstellen. Diese beruhen u. a. auf Fehlern bei der Verarbeitung von Eingaben oder bei der Umsetzung eingestellter Zugriffsprivilegien. Ein Angreifer kann dieses nutzen und Daten manipulieren oder Code mit den Privilegien des Angegriffenen zur Ausführung bringen. Zur erfolgreichen Ausnutzung dieser Schwachstellen ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T015518", "2951", "T002207", "67646", "T000126", "T013312", "398363", "T012167", "T015510", "1727", "T004914", ], }, release_date: "2019-12-10T23:00:00.000+00:00", title: "CVE-2019-1352", }, { cve: "CVE-2019-1353", notes: [ { category: "description", text: "In git existieren mehrere Schwachstellen. Diese beruhen u. a. auf Fehlern bei der Verarbeitung von Eingaben oder bei der Umsetzung eingestellter Zugriffsprivilegien. Ein Angreifer kann dieses nutzen und Daten manipulieren oder Code mit den Privilegien des Angegriffenen zur Ausführung bringen. Zur erfolgreichen Ausnutzung dieser Schwachstellen ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T015518", "2951", "T002207", "67646", "T000126", "T013312", "398363", "T012167", "T015510", "1727", "T004914", ], }, release_date: "2019-12-10T23:00:00.000+00:00", title: "CVE-2019-1353", }, { cve: "CVE-2019-1387", notes: [ { category: "description", text: "In git existieren mehrere Schwachstellen. Diese beruhen u. a. auf Fehlern bei der Verarbeitung von Eingaben oder bei der Umsetzung eingestellter Zugriffsprivilegien. Ein Angreifer kann dieses nutzen und Daten manipulieren oder Code mit den Privilegien des Angegriffenen zur Ausführung bringen. Zur erfolgreichen Ausnutzung dieser Schwachstellen ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T015518", "2951", "T002207", "67646", "T000126", "T013312", "398363", "T012167", "T015510", "1727", "T004914", ], }, release_date: "2019-12-10T23:00:00.000+00:00", title: "CVE-2019-1387", }, { cve: "CVE-2019-19604", notes: [ { category: "description", text: "In git existieren mehrere Schwachstellen. Diese beruhen u. a. auf Fehlern bei der Verarbeitung von Eingaben oder bei der Umsetzung eingestellter Zugriffsprivilegien. Ein Angreifer kann dieses nutzen und Daten manipulieren oder Code mit den Privilegien des Angegriffenen zur Ausführung bringen. Zur erfolgreichen Ausnutzung dieser Schwachstellen ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T015518", "2951", "T002207", "67646", "T000126", "T013312", "398363", "T012167", "T015510", "1727", "T004914", ], }, release_date: "2019-12-10T23:00:00.000+00:00", title: "CVE-2019-19604", }, ], }
WID-SEC-W-2022-1613
Vulnerability from csaf_certbund
Published
2019-12-10 23:00
Modified
2024-09-02 22:00
Summary
git: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Git ist eine freie Software zur verteilten Versionsverwaltung von Dateien.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in git ausnutzen, um beliebigen Programmcode mit Benutzerrechten auszuführen oder um Daten zu manipulieren.
Betroffene Betriebssysteme
- Appliance
- Linux
- UNIX
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Git ist eine freie Software zur verteilten Versionsverwaltung von Dateien.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in git ausnutzen, um beliebigen Programmcode mit Benutzerrechten auszuführen oder um Daten zu manipulieren.", title: "Angriff", }, { category: "general", text: "- Appliance\n- Linux\n- UNIX", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2022-1613 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2019/wid-sec-w-2022-1613.json", }, { category: "self", summary: "WID-SEC-2022-1613 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1613", }, { category: "external", summary: "CentOS Security Advisory CESA-2020:0124 vom 2020-01-18", url: "http://centos-announce.2309468.n4.nabble.com/CentOS-announce-CESA-2020-0124-Important-CentOS-7-git-Security-Update-tp4645808.html", }, { category: "external", summary: "CentOS Security Advisory CESA-2020:0124 vom 2020-01-18", url: "http://centos-announce.2309468.n4.nabble.com/CentOS-announce-CESA-2020-0124-Important-CentOS-6-git-Security-Update-tp4645805.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2020:0228 vom 2020-01-28", url: "https://access.redhat.com/errata/RHSA-2020:0228", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2020:0045-1 vom 2020-01-08", url: "https://www.suse.com/support/update/announcement/2020/suse-su-20200045-1.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2020:0124 vom 2020-01-16", url: "https://access.redhat.com/errata/RHSA-2020:0124", }, { category: "external", summary: "Ubuntu Security Notice USN-4220-1 vom 2019-12-10", url: "https://usn.ubuntu.com/4220-1/", }, { category: "external", summary: "Debian Security Advisory DSA-4581-1 vom 2019-12-10", url: "https://lists.debian.org/debian-security-announce/2019/msg00234.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2019:3311-1 vom 2019-12-16", url: "https://www.suse.com/support/update/announcement/2019/suse-su-20193311-1.html", }, { category: "external", summary: "Arch Linux Security Advisory ASA-201912-6 vom 2019-12-18", url: "https://security.archlinux.org/ASA-201912-6", }, { category: "external", summary: "Arch Linux Security Advisory ASA-201912-5 vom 2019-12-18", url: "https://security.archlinux.org/ASA-201912-5", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2019:4356 vom 2019-12-19", url: "https://access.redhat.com/errata/RHSA-2019:4356", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2020:0002 vom 2020-01-02", url: "https://access.redhat.com/errata/RHSA-2020:0002", }, { category: "external", summary: "AVAYA Security Advisory ASA-2020-004 vom 2020-01-29", url: "https://downloads.avaya.com/css/P8/documents/101063582", }, { category: "external", summary: "Debian Security Advisory DLA 2059 vom 2020-03-02", url: "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202001/msg00019.html", }, { category: "external", summary: "GENTOO Security Advisory GLSA/202003-42 vom 2020-03-19", url: "https://security.gentoo.org/glsa/202003-42", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2020:1475 vom 2020-04-14", url: "https://access.redhat.com/errata/RHSA-2020:1475", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2020:0992-1 vom 2020-04-24", url: "https://www.suse.com/support/update/announcement/2020/suse-su-20200992-1.html", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2020-0124 vom 2020-04-24", url: "https://oss.oracle.com/pipermail/el-errata/2020-January/009527.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2020:1121-1 vom 2020-04-28", url: "https://www.suse.com/support/update/announcement/2020/suse-su-20201121-1.html", }, { category: "external", summary: "Debian Security Advisory DLA-2936 vom 2022-03-21", url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2022:3495-1 vom 2022-10-04", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-October/012490.html", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS-2023-1943 vom 2023-02-22", url: "https://alas.aws.amazon.com/AL2/ALAS-2023-1943.html", }, { category: "external", summary: "Debian Security Advisory DLA-3844 vom 2024-06-26", url: "https://lists.debian.org/debian-lts-announce/2024/06/msg00018.html", }, { category: "external", summary: "Debian Security Advisory DLA-3867 vom 2024-09-03", url: "https://lists.debian.org/debian-lts-announce/2024/09/msg00009.html", }, ], source_lang: "en-US", title: "git: Mehrere Schwachstellen", tracking: { current_release_date: "2024-09-02T22:00:00.000+00:00", generator: { date: "2024-09-03T11:46:38.476+00:00", engine: { name: "BSI-WID", version: "1.3.6", }, }, id: "WID-SEC-W-2022-1613", initial_release_date: "2019-12-10T23:00:00.000+00:00", revision_history: [ { date: "2019-12-10T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2019-12-11T23:00:00.000+00:00", number: "2", summary: "Referenz(en) aufgenommen: FEDORA-2019-9C3D054F39", }, { date: "2019-12-16T23:00:00.000+00:00", number: "3", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2019-12-18T23:00:00.000+00:00", number: "4", summary: "Neue Updates von Arch Linux aufgenommen", }, { date: "2019-12-19T23:00:00.000+00:00", number: "5", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2020-01-01T23:00:00.000+00:00", number: "6", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2020-01-08T23:00:00.000+00:00", number: "7", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2020-01-16T23:00:00.000+00:00", number: "8", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2020-01-19T23:00:00.000+00:00", number: "9", summary: "Neue Updates von CentOS aufgenommen", }, { date: "2020-01-27T23:00:00.000+00:00", number: "10", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2020-01-28T23:00:00.000+00:00", number: "11", summary: "Neue Updates von AVAYA aufgenommen", }, { date: "2020-03-02T23:00:00.000+00:00", number: "12", summary: "Neue Updates von Debian aufgenommen", }, { date: "2020-03-19T23:00:00.000+00:00", number: "13", summary: "Neue Updates von GENTOO aufgenommen", }, { date: "2020-04-14T22:00:00.000+00:00", number: "14", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2020-04-23T22:00:00.000+00:00", number: "15", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2020-04-28T22:00:00.000+00:00", number: "16", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2022-03-20T23:00:00.000+00:00", number: "17", summary: "Neue Updates von Debian aufgenommen", }, { date: "2022-10-04T22:00:00.000+00:00", number: "18", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2023-02-22T23:00:00.000+00:00", number: "19", summary: "Neue Updates von Amazon aufgenommen", }, { date: "2024-06-25T22:00:00.000+00:00", number: "20", summary: "Neue Updates von Debian aufgenommen", }, { date: "2024-09-02T22:00:00.000+00:00", number: "21", summary: "Neue Updates von Debian aufgenommen", }, ], status: "final", version: "21", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Amazon Linux 2", product: { name: "Amazon Linux 2", product_id: "398363", product_identification_helper: { cpe: "cpe:/o:amazon:linux_2:-", }, }, }, ], category: "vendor", name: "Amazon", }, { branches: [ { category: "product_name", name: "Avaya Aura System Manager", product: { name: "Avaya Aura System Manager", product_id: "T015518", product_identification_helper: { cpe: "cpe:/a:avaya:aura_system_manager:-", }, }, }, ], category: "vendor", name: "Avaya", }, { branches: [ { category: "product_name", name: "Debian Linux", product: { name: "Debian Linux", product_id: "2951", product_identification_helper: { cpe: "cpe:/o:debian:debian_linux:-", }, }, }, ], category: "vendor", name: "Debian", }, { branches: [ { category: "product_name", name: "Gentoo Linux", product: { name: "Gentoo Linux", product_id: "T012167", product_identification_helper: { cpe: "cpe:/o:gentoo:linux:-", }, }, }, ], category: "vendor", name: "Gentoo", }, { branches: [ { category: "product_name", name: "Open Source Arch Linux", product: { name: "Open Source Arch Linux", product_id: "T013312", product_identification_helper: { cpe: "cpe:/o:archlinux:archlinux:-", }, }, }, { category: "product_name", name: "Open Source CentOS", product: { name: "Open Source CentOS", product_id: "1727", product_identification_helper: { cpe: "cpe:/o:centos:centos:-", }, }, }, { category: "product_name", name: "Open Source git", product: { name: "Open Source git", product_id: "T015510", product_identification_helper: { cpe: "cpe:/a:open_source:git:-", }, }, }, ], category: "vendor", name: "Open Source", }, { branches: [ { category: "product_name", name: "Oracle Linux", product: { name: "Oracle Linux", product_id: "T004914", product_identification_helper: { cpe: "cpe:/o:oracle:linux:-", }, }, }, ], category: "vendor", name: "Oracle", }, { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, ], category: "vendor", name: "Red Hat", }, { branches: [ { category: "product_name", name: "SUSE Linux", product: { name: "SUSE Linux", product_id: "T002207", product_identification_helper: { cpe: "cpe:/o:suse:suse_linux:-", }, }, }, ], category: "vendor", name: "SUSE", }, { branches: [ { category: "product_name", name: "Ubuntu Linux", product: { name: "Ubuntu Linux", product_id: "T000126", product_identification_helper: { cpe: "cpe:/o:canonical:ubuntu_linux:-", }, }, }, ], category: "vendor", name: "Ubuntu", }, ], }, vulnerabilities: [ { cve: "CVE-2019-1348", notes: [ { category: "description", text: "In git existieren mehrere Schwachstellen. Diese beruhen u. a. auf Fehlern bei der Verarbeitung von Eingaben oder bei der Umsetzung eingestellter Zugriffsprivilegien. Ein Angreifer kann dieses nutzen und Daten manipulieren oder Code mit den Privilegien des Angegriffenen zur Ausführung bringen. Zur erfolgreichen Ausnutzung dieser Schwachstellen ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T015518", "2951", "T002207", "67646", "T000126", "T013312", "398363", "T012167", "T015510", "1727", "T004914", ], }, release_date: "2019-12-10T23:00:00.000+00:00", title: "CVE-2019-1348", }, { cve: "CVE-2019-1349", notes: [ { category: "description", text: "In git existieren mehrere Schwachstellen. Diese beruhen u. a. auf Fehlern bei der Verarbeitung von Eingaben oder bei der Umsetzung eingestellter Zugriffsprivilegien. Ein Angreifer kann dieses nutzen und Daten manipulieren oder Code mit den Privilegien des Angegriffenen zur Ausführung bringen. Zur erfolgreichen Ausnutzung dieser Schwachstellen ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T015518", "2951", "T002207", "67646", "T000126", "T013312", "398363", "T012167", "T015510", "1727", "T004914", ], }, release_date: "2019-12-10T23:00:00.000+00:00", title: "CVE-2019-1349", }, { cve: "CVE-2019-1352", notes: [ { category: "description", text: "In git existieren mehrere Schwachstellen. Diese beruhen u. a. auf Fehlern bei der Verarbeitung von Eingaben oder bei der Umsetzung eingestellter Zugriffsprivilegien. Ein Angreifer kann dieses nutzen und Daten manipulieren oder Code mit den Privilegien des Angegriffenen zur Ausführung bringen. Zur erfolgreichen Ausnutzung dieser Schwachstellen ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T015518", "2951", "T002207", "67646", "T000126", "T013312", "398363", "T012167", "T015510", "1727", "T004914", ], }, release_date: "2019-12-10T23:00:00.000+00:00", title: "CVE-2019-1352", }, { cve: "CVE-2019-1353", notes: [ { category: "description", text: "In git existieren mehrere Schwachstellen. Diese beruhen u. a. auf Fehlern bei der Verarbeitung von Eingaben oder bei der Umsetzung eingestellter Zugriffsprivilegien. Ein Angreifer kann dieses nutzen und Daten manipulieren oder Code mit den Privilegien des Angegriffenen zur Ausführung bringen. Zur erfolgreichen Ausnutzung dieser Schwachstellen ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T015518", "2951", "T002207", "67646", "T000126", "T013312", "398363", "T012167", "T015510", "1727", "T004914", ], }, release_date: "2019-12-10T23:00:00.000+00:00", title: "CVE-2019-1353", }, { cve: "CVE-2019-1387", notes: [ { category: "description", text: "In git existieren mehrere Schwachstellen. Diese beruhen u. a. auf Fehlern bei der Verarbeitung von Eingaben oder bei der Umsetzung eingestellter Zugriffsprivilegien. Ein Angreifer kann dieses nutzen und Daten manipulieren oder Code mit den Privilegien des Angegriffenen zur Ausführung bringen. Zur erfolgreichen Ausnutzung dieser Schwachstellen ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T015518", "2951", "T002207", "67646", "T000126", "T013312", "398363", "T012167", "T015510", "1727", "T004914", ], }, release_date: "2019-12-10T23:00:00.000+00:00", title: "CVE-2019-1387", }, { cve: "CVE-2019-19604", notes: [ { category: "description", text: "In git existieren mehrere Schwachstellen. Diese beruhen u. a. auf Fehlern bei der Verarbeitung von Eingaben oder bei der Umsetzung eingestellter Zugriffsprivilegien. Ein Angreifer kann dieses nutzen und Daten manipulieren oder Code mit den Privilegien des Angegriffenen zur Ausführung bringen. Zur erfolgreichen Ausnutzung dieser Schwachstellen ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T015518", "2951", "T002207", "67646", "T000126", "T013312", "398363", "T012167", "T015510", "1727", "T004914", ], }, release_date: "2019-12-10T23:00:00.000+00:00", title: "CVE-2019-19604", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.