[SRCTREEWIN-5918] SourceTree 7za Vulnerability.

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 1.9.7, 1.9.7-beta-0
Affects Version/s: 1.8.3
Component/s: General
Labels:
- cvss-medium
- security

SourceTree Version 1.8.3 installs a 7za.exe (C:\Program Files (x86)\Atlassian\SourceTree\tools\7za.exe) in Version 9.20, which has known vulnerabilities:
CVE-2016-2334
CVE-2016-2335

More information about the vulnerabilities: http://blog.talosintel.com/2016/05/multiple-7-zip-vulnerabilities.html

There are no comments yet on this issue.

Assignee:: minnsey

Reporter:: Gary

Affected customers:: 0 This affects my team

Watchers:: 3 Start watching this issue

Created:: 13/Jul/2016 7:48 PM

Updated:: 05/Dec/2019 5:09 AM

Resolved:: 30/Jul/2016 5:34 AM

Sourcetree for Windows

Details

Description

Attachments

Forms

Activity

People

Dates