{"id":"MGASA-2015-0157","summary":"Updated python-dulwich packages fix security vulnerabilities","details":"Updated python-dulwich package fixes security vulnerabilities:\n\nIt was discovered that Dulwich allows writing to files under .git/ when\nchecking out working trees. This could lead to the execution of arbitrary\ncode with the privileges of the user running an application based on Dulwich\n(CVE-2014-9706).\n\nIvan Fratric of the Google Security Team has found a buffer overflow in the\nC implementation of the apply_delta() function, used when accessing Git\nobjects in pack files. An attacker could take advantage of this flaw to\ncause the execution of arbitrary code with the privileges of the user\nrunning a Git server or client based on Dulwich (CVE-2015-0838).\n\nThe python-dulwich package has been updated to version 0.10.0, fixing these\nissues and other bugs.\n","modified":"2026-02-04T03:51:34.101613Z","published":"2015-04-15T17:22:53Z","related":["CVE-2014-9706","CVE-2015-0838"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2015-0157.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=15558"},{"type":"REPORT","url":"https://www.debian.org/security/2015/dsa-3206"},{"type":"REPORT","url":"https://git.samba.org/?p=jelmer/dulwich.git;a=blob;f=NEWS;h=d0616a0c"}],"affected":[{"package":{"name":"python-dulwich","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/python-dulwich?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.10.0-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0157.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}