Upstream information

CVE-2018-10857 at MITRE

Description

git-annex is vulnerable to a private data exposure and exfiltration attack. It could expose the content of files located outside the git-annex repository, or content from a private web server on localhost or the LAN.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having not set severity.

SUSE Bugzilla entries: 1098062 [RESOLVED / FIXED], 1098364 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Package Hub for SUSE Linux Enterprise 12
  • git-annex >= 6.20180626-7.1
  • git-annex-bash-completion >= 6.20180626-7.1
Patchnames:
openSUSE-2018-697
openSUSE Leap 15.0
  • git-annex >= 6.20180626-lp150.2.5.1
  • git-annex-bash-completion >= 6.20180626-lp150.2.5.1
Patchnames:
openSUSE-2018-697
openSUSE Leap 42.3
  • git-annex >= 6.20180626-8.1
  • git-annex-bash-completion >= 6.20180626-8.1
Patchnames:
openSUSE-2018-697