VDB
GCVE-110-MAGEIA-2015-157
GCVE-110-MAGEIA-2015-157
Advisory Published
Updated python-dulwich package fixes security vulnerabilities:
It was discovered that Dulwich allows writing to files under .git/ when
checking out working trees. This could lead to the execution of arbitrary
code with the privileges of the user running an application based on Dulwich
(CVE-2014-9706).
Ivan Fratric of the Google Security Team has found a buffer overflow in the
C implementation of the apply_delta() function, used when accessing Git
objects in pack files. An attacker could take advantage of this flaw to
cause the execution of arbitrary code with the privileges of the user
running a Git server or client based on Dulwich (CVE-2015-0838).
The python-dulwich package has been updated to version 0.10.0, fixing these
issues and other bugs.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | python-dulwich | 0 (affected), 0.10.0-1.mga4 (unaffected), 0 (affected), 0.10.0-1.mga4 (unaffected) | — |
| Mageia | libgpod | 0 (affected), 0.8.3-8.1.mga5 (unaffected) | — |
Aliases
References
Browse GCVE Records
73,738 records in the GCVE database · Updated July 19, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.