An update for git is now available for openEuler-22.03-LTS-SP3 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2025-1849 Final 1.0 1.0 2025-07-18 Initial 2025-07-18 2025-07-18 openEuler SA Tool V1.0 2025-07-18 git security update An update for git is now available for openEuler-22.03-LTS-SP3 Security Fix(es): A vulnerability was found in Microsoft Visual Studio (Programming Tool Software) (affected version not known). It has been classified as problematic.This is going to have an impact on confidentiality, integrity, and availability.Applying a patch is able to eliminate this problem. A possible mitigation has been published immediately after the disclosure of the vulnerability.(CVE-2025-27613) A vulnerability, which was classified as problematic, has been found in Microsoft Visual Studio (Programming Tool Software) (version unknown).Impacted is confidentiality, integrity, and availability.Applying a patch is able to eliminate this problem. A possible mitigation has been published immediately after the disclosure of the vulnerability.(CVE-2025-46334) A vulnerability was found in j6t git-gui up to 2.50.0 (Versioning Software). It has been rated as critical.Using CWE to declare the problem leads to CWE-88. The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.Impacted is confidentiality, integrity, and availability.The vulnerability scanner Nessus provides a plugin with the ID 241644 (FreeBSD : git -- multiple vulnerabilities (2a4472ed-5c0d-11f0-b991-291fce777db8)), which helps to determine the existence of the flaw in a target environment.Upgrading to version 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1 or 2.50.1 eliminates this vulnerability.The vulnerability is also documented in the vulnerability database at Tenable (241644).(CVE-2025-46835) An update for git is now available for openEuler-22.03-LTS-SP3. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High git https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1849 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-27613 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-46334 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-46835 https://nvd.nist.gov/vuln/detail/CVE-2025-27613 https://nvd.nist.gov/vuln/detail/CVE-2025-46334 https://nvd.nist.gov/vuln/detail/CVE-2025-46835 openEuler-22.03-LTS-SP3 git-2.33.0-19.oe2203sp3.aarch64.rpm git-core-2.33.0-19.oe2203sp3.aarch64.rpm git-daemon-2.33.0-19.oe2203sp3.aarch64.rpm git-debuginfo-2.33.0-19.oe2203sp3.aarch64.rpm git-debugsource-2.33.0-19.oe2203sp3.aarch64.rpm git-2.33.0-19.oe2203sp3.src.rpm git-2.33.0-19.oe2203sp3.x86_64.rpm git-core-2.33.0-19.oe2203sp3.x86_64.rpm git-daemon-2.33.0-19.oe2203sp3.x86_64.rpm git-debuginfo-2.33.0-19.oe2203sp3.x86_64.rpm git-debugsource-2.33.0-19.oe2203sp3.x86_64.rpm git-email-2.33.0-19.oe2203sp3.noarch.rpm git-gui-2.33.0-19.oe2203sp3.noarch.rpm git-help-2.33.0-19.oe2203sp3.noarch.rpm git-svn-2.33.0-19.oe2203sp3.noarch.rpm git-web-2.33.0-19.oe2203sp3.noarch.rpm gitk-2.33.0-19.oe2203sp3.noarch.rpm perl-Git-2.33.0-19.oe2203sp3.noarch.rpm perl-Git-SVN-2.33.0-19.oe2203sp3.noarch.rpm A vulnerability was found in Microsoft Visual Studio (Programming Tool Software) (affected version not known). It has been classified as problematic.This is going to have an impact on confidentiality, integrity, and availability.Applying a patch is able to eliminate this problem. A possible mitigation has been published immediately after the disclosure of the vulnerability. 2025-07-18 CVE-2025-27613 openEuler-22.03-LTS-SP3 Low 3.6 AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N git security update 2025-07-18 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1849 A vulnerability, which was classified as problematic, has been found in Microsoft Visual Studio (Programming Tool Software) (version unknown).Impacted is confidentiality, integrity, and availability.Applying a patch is able to eliminate this problem. A possible mitigation has been published immediately after the disclosure of the vulnerability. 2025-07-18 CVE-2025-46334 openEuler-22.03-LTS-SP3 High 8.6 AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H git security update 2025-07-18 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1849 A vulnerability was found in j6t git-gui up to 2.50.0 (Versioning Software). It has been rated as critical.Using CWE to declare the problem leads to CWE-88. The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.Impacted is confidentiality, integrity, and availability.The vulnerability scanner Nessus provides a plugin with the ID 241644 (FreeBSD : git -- multiple vulnerabilities (2a4472ed-5c0d-11f0-b991-291fce777db8)), which helps to determine the existence of the flaw in a target environment.Upgrading to version 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1 or 2.50.1 eliminates this vulnerability.The vulnerability is also documented in the vulnerability database at Tenable (241644). 2025-07-18 CVE-2025-46835 openEuler-22.03-LTS-SP3 High 8.5 AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L git security update 2025-07-18 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1849