Package details: pkg:deb/debian/dulwich@0.8.5-2%2Bdeb7u2
purl pkg:deb/debian/dulwich@0.8.5-2%2Bdeb7u2
Next non-vulnerable version 0.19.11-2
Latest non-vulnerable version 0.19.11-2
Risk 10.0
Vulnerabilities affecting this package (4)
Vulnerability: VCID-74n4-53mc-2uc3
Aliases: CVE-2014-9706, GHSA-4j5j-58j7-6c3w, PYSEC-2015-34
Summary: The build_index_from_tree function in index.py in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a commit with a directory path starting with .git/, which is not properly handled when checking out a working tree.
Fixed by: 0.16.3-1. Affected by 1 other vulnerability.

Vulnerability: VCID-duga-b9sn-b7fc
Aliases: CVE-2015-0838, GHSA-vjjf-3rvg-gv3v, PYSEC-2015-35
Summary: Buffer overflow in the C implementation of the apply_delta function in _pack.c in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a crafted pack file.
Fixed by: 0.16.3-1. Affected by 1 other vulnerability.

Vulnerability: VCID-j1c4-rux6-wygr
Aliases: CVE-2014-9390, GHSA-6vvc-c2m3-cjf3, PYSEC-2020-217
Summary: Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.
Fixed by: 0.16.3-1. Affected by 1 other vulnerability.

Vulnerability: VCID-wegc-1zcu-qygw
Aliases: CVE-2017-16228, GHSA-cwwh-4382-6fwr, PYSEC-2017-12
Summary: Dulwich before 0.18.5, when an SSH subprocess is used, allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-1000116, and CVE-2017-1000117.
Fixed by: 0.19.11-2. Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (2)
Vulnerability: VCID-74n4-53mc-2uc3
Summary: The build_index_from_tree function in index.py in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a commit with a directory path starting with .git/, which is not properly handled when checking out a working tree.
Aliases: CVE-2014-9706, GHSA-4j5j-58j7-6c3w, PYSEC-2015-34

Vulnerability: VCID-duga-b9sn-b7fc
Summary: Buffer overflow in the C implementation of the apply_delta function in _pack.c in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a crafted pack file.
Aliases: CVE-2015-0838, GHSA-vjjf-3rvg-gv3v, PYSEC-2015-35

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-15T23:02:25.891386+00:00 Debian Oval Importer Affected by VCID-duga-b9sn-b7fc https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T20:47:24.565755+00:00 Debian Oval Importer Affected by VCID-j1c4-rux6-wygr https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T19:57:29.709186+00:00 Debian Oval Importer Affected by VCID-74n4-53mc-2uc3 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T15:24:11.285732+00:00 Debian Oval Importer Affected by VCID-wegc-1zcu-qygw https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T13:14:19.798253+00:00 Debian Oval Importer Fixing VCID-74n4-53mc-2uc3 https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 38.4.0
2026-04-15T12:57:10.201918+00:00 Debian Oval Importer Fixing VCID-duga-b9sn-b7fc https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 38.4.0
2026-04-11T22:38:37.506482+00:00 Debian Oval Importer Affected by VCID-duga-b9sn-b7fc https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T20:28:18.250446+00:00 Debian Oval Importer Affected by VCID-j1c4-rux6-wygr https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T19:39:29.908426+00:00 Debian Oval Importer Affected by VCID-74n4-53mc-2uc3 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T15:12:22.454451+00:00 Debian Oval Importer Affected by VCID-wegc-1zcu-qygw https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T13:03:05.227458+00:00 Debian Oval Importer Fixing VCID-74n4-53mc-2uc3 https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 38.3.0
2026-04-11T12:45:45.202453+00:00 Debian Oval Importer Fixing VCID-duga-b9sn-b7fc https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 38.3.0
2026-04-08T22:13:50.989881+00:00 Debian Oval Importer Affected by VCID-duga-b9sn-b7fc https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T20:08:42.054906+00:00 Debian Oval Importer Affected by VCID-j1c4-rux6-wygr https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T19:22:32.761106+00:00 Debian Oval Importer Affected by VCID-74n4-53mc-2uc3 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T15:07:21.017680+00:00 Debian Oval Importer Affected by VCID-wegc-1zcu-qygw https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-07T21:38:05.583817+00:00 Debian Oval Importer Fixing VCID-74n4-53mc-2uc3 https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 38.1.0
2026-04-06T07:17:33.614709+00:00 Debian Oval Importer Fixing VCID-duga-b9sn-b7fc https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 38.1.0
2026-04-02T13:02:06.255758+00:00 Debian Oval Importer Fixing VCID-duga-b9sn-b7fc https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 38.0.0