Upstream information

CVE-2013-0308 at MITRE

Description

The imap-send command in GIT before 1.8.1.4 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores (National Vulnerability Database)
Base Score: 4.3
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Access Vector: Network
Access Complexity: Medium
Authentication: None
Confidentiality Impact: None
Integrity Impact: Partial
Availability Impact: None
SUSE Bugzilla entry: 804730 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Software Development Kit 11 SP2
  • git >= 1.7.12.4-0.5.1
  • git-arch >= 1.7.12.4-0.5.1
  • git-core >= 1.7.12.4-0.5.1
  • git-cvs >= 1.7.12.4-0.5.1
  • git-daemon >= 1.7.12.4-0.5.1
  • git-email >= 1.7.12.4-0.5.1
  • git-gui >= 1.7.12.4-0.5.1
  • git-svn >= 1.7.12.4-0.5.1
  • git-web >= 1.7.12.4-0.5.1
  • gitk >= 1.7.12.4-0.5.1
Patchnames:
sdksp2-git
SUSE Linux Enterprise Software Development Kit 11 SP4
  • git >= 1.7.12.4-0.9.1
  • git-arch >= 1.7.12.4-0.9.1
  • git-core >= 1.7.12.4-0.9.1
  • git-cvs >= 1.7.12.4-0.9.1
  • git-daemon >= 1.7.12.4-0.9.1
  • git-email >= 1.7.12.4-0.9.1
  • git-gui >= 1.7.12.4-0.9.1
  • git-svn >= 1.7.12.4-0.9.1
  • git-web >= 1.7.12.4-0.9.1
  • gitk >= 1.7.12.4-0.9.1
Patchnames:
SUSE Linux Enterprise Software Development Kit 11 SP4 GA git
SUSE Linux Enterprise Software Development Kit 11 SP2
  • git >= 1.7.12.4-0.5.1
  • git-arch >= 1.7.12.4-0.5.1
  • git-core >= 1.7.12.4-0.5.1
  • git-cvs >= 1.7.12.4-0.5.1
  • git-daemon >= 1.7.12.4-0.5.1
  • git-email >= 1.7.12.4-0.5.1
  • git-gui >= 1.7.12.4-0.5.1
  • git-svn >= 1.7.12.4-0.5.1
  • git-web >= 1.7.12.4-0.5.1
  • gitk >= 1.7.12.4-0.5.1
Builds
SAT Patch Nr: 7398


Status of this issue by product and package

Product(s) | Source package | State
SUSE Linux Enterprise SDK 11 SP2 | git | Released