Novell Home


Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2013-0308 at MITRE


The imap-send command in GIT before does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

NVD CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)

SUSE information

SUSE Bugzilla entry: 804730

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Software Development Kit 11 SP2
  • git >=
  • git-arch >=
  • git-core >=
  • git-cvs >=
  • git-daemon >=
  • git-email >=
  • git-gui >=
  • git-svn >=
  • git-web >=
  • gitk >=
SAT Patch Nr: 7398

© 2015 Novell