{"schema_version":"1.7.2","id":"OESA-2021-1210","modified":"2021-06-07T11:02:56Z","published":"2021-06-07T11:02:56Z","upstream":["CVE-2021-29468"],"summary":"git security update","details":"Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency.\nGit is easy to learn and has a tiny footprint with lightning fast performance. It outclasses SCM tools like Subversion, CVS, Perforce, and ClearCase with features like cheap local branching, convenient staging areas, and multiple workflows.\r\n\r\nSecurity Fix(es):\r\n\r\nCygwin Git is a patch set for the git command line tool for the cygwin environment. A specially crafted repository that contains symbolic links as well as files with backslash characters in the file name may cause just-checked out code to be executed while checking out a repository using Git on Cygwin. The problem will be patched in the Cygwin Git v2.31.1-2 release. At time of writing, the vulnerability is present in the upstream Git source code; any Cygwin user who compiles Git for themselves from upstream sources should manually apply a patch to mitigate the vulnerability. As mitigation users should not clone or pull from repositories from untrusted sources. CVE-2019-1354 was an equivalent vulnerability in Git for Visual Studio.(CVE-2021-29468)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP1","name":"git","purl":"pkg:rpm/openEuler/git\u0026distro=openEuler-20.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.27.0-4.oe1"}]}],"ecosystem_specific":{"aarch64":["git-debuginfo-2.27.0-4.oe1.aarch64.rpm","git-debugsource-2.27.0-4.oe1.aarch64.rpm","git-daemon-2.27.0-4.oe1.aarch64.rpm","git-2.27.0-4.oe1.aarch64.rpm"],"noarch":["perl-Git-SVN-2.27.0-4.oe1.noarch.rpm","git-svn-2.27.0-4.oe1.noarch.rpm","git-help-2.27.0-4.oe1.noarch.rpm","perl-Git-2.27.0-4.oe1.noarch.rpm","git-gui-2.27.0-4.oe1.noarch.rpm","git-web-2.27.0-4.oe1.noarch.rpm","gitk-2.27.0-4.oe1.noarch.rpm","git-email-2.27.0-4.oe1.noarch.rpm"],"src":["git-2.27.0-4.oe1.src.rpm"],"x86_64":["git-2.27.0-4.oe1.x86_64.rpm","git-daemon-2.27.0-4.oe1.x86_64.rpm","git-debuginfo-2.27.0-4.oe1.x86_64.rpm","git-debugsource-2.27.0-4.oe1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1210"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-29468"}],"database_specific":{"severity":"High"}}