Upstream information

CVE-2013-0308 at MITRE

Description

The imap-send command in GIT before 1.8.1.4 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

SUSE information

CVSS v2 Scores
  National Vulnerability Database
Base Score 4.30
Vector AV:N/AC:M/Au:N/C:N/I:P/A:N
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact None
Integrity Impact Partial
Availability Impact None
SUSE Bugzilla entry: 804730 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Software Development Kit 11 SP2
  • git >= 1.7.12.4-0.5.1
  • git-arch >= 1.7.12.4-0.5.1
  • git-core >= 1.7.12.4-0.5.1
  • git-cvs >= 1.7.12.4-0.5.1
  • git-daemon >= 1.7.12.4-0.5.1
  • git-email >= 1.7.12.4-0.5.1
  • git-gui >= 1.7.12.4-0.5.1
  • git-svn >= 1.7.12.4-0.5.1
  • git-web >= 1.7.12.4-0.5.1
  • gitk >= 1.7.12.4-0.5.1
 Patchnames:
sdksp2-git
SUSE Linux Enterprise Software Development Kit 11 SP2
  • git >= 1.7.12.4-0.5.1
  • git-arch >= 1.7.12.4-0.5.1
  • git-core >= 1.7.12.4-0.5.1
  • git-cvs >= 1.7.12.4-0.5.1
  • git-daemon >= 1.7.12.4-0.5.1
  • git-email >= 1.7.12.4-0.5.1
  • git-gui >= 1.7.12.4-0.5.1
  • git-svn >= 1.7.12.4-0.5.1
  • git-web >= 1.7.12.4-0.5.1
  • gitk >= 1.7.12.4-0.5.1
 Builds
SAT Patch Nr: 7398
openSUSE Evergreen 11.4
  • git >= 1.7.3.4-4.11.1
  • git-arch >= 1.7.3.4-4.11.1
  • git-core >= 1.7.3.4-4.11.1
  • git-core-debuginfo >= 1.7.3.4-4.11.1
  • git-cvs >= 1.7.3.4-4.11.1
  • git-daemon >= 1.7.3.4-4.11.1
  • git-daemon-debuginfo >= 1.7.3.4-4.11.1
  • git-debugsource >= 1.7.3.4-4.11.1
  • git-email >= 1.7.3.4-4.11.1
  • git-gui >= 1.7.3.4-4.11.1
  • git-remote-helpers >= 1.7.3.4-4.11.1
  • git-svn >= 1.7.3.4-4.11.1
  • git-web >= 1.7.3.4-4.11.1
  • gitk >= 1.7.3.4-4.11.1
 Patchnames:
2013-34