SUSE Package Hub - openSUSE-2019-497

Update Info

openSUSE-2019-497

Security update for git-annex

Type: security

Severity: moderate

Issued: 2019-03-23

Description:

This update for git-annex to version 6.20180626 fixes the following issues:

- CVE-2018-10857: Prevent file content disclosure by refusing to download
  content that cannot be verified with a hash, from encrypted special remotes and
  glacier (bsc#1098062).
- CVE-2018-10859: Prevent local gpg encrypted file disclosure by refusing to
  download content that cannot be verified with a hash, from encrypted special
  remotes (bsc#1098364).

This update brings many other bug fixes and new features.
http://hackage.haskell.org/package/git-annex-6.20180626/changelog
has a detailed list of changes.

References

CVE: CVE-2018-10859
CVE: CVE-2018-10857
Bugzilla: 1098364 VUL-0: CVE-2018-10859: git-annex: local gpg encrypted file disclosure
Bugzilla: 1098062 VUL-0: CVE-2018-10857: git-annex: file content disclosure

Packages

git-annex-6.20180626-7.1