[SRCTREEWIN-5918] SourceTree 7za Vulnerability.

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 1.9.7, 1.9.7-beta-0
Affects Version/s: 1.8.3
Component/s: General
Labels:
- cvss-medium
- security

SourceTree Version 1.8.3 installs a 7za.exe (C:\Program Files (x86)\Atlassian\SourceTree\tools\7za.exe) in Version 9.20, which has known vulnerabilities:
CVE-2016-2334
CVE-2016-2335

More information about the vulnerabilities: http://blog.talosintel.com/2016/05/multiple-7-zip-vulnerabilities.html

Yasmine made changes - 05/Dec/2019 5:09 AM

Labels

Original: security

New: cvss-medium security

Yasmine made changes - 05/Dec/2019 5:09 AM

Labels

Original: cvss-medium security

New: security

Monique Khairuliana (Inactive) made changes - 30/Sep/2019 4:22 AM

Workflow

Original: JAC Bug Workflow v3 [ 3450530 ]

New: SRCTREE JAC Bug Workflow [ 3741210 ]

Monique Khairuliana (Inactive) made changes - 26/Aug/2019 5:09 AM

Workflow	Original: SourceTree Bug Workflow [ 1580264 ]	New: JAC Bug Workflow v3 [ 3450530 ]
Status	Original: Resolved [ 5 ]	New: Closed [ 6 ]

minnsey made changes - 30/Jul/2016 5:34 AM

Resolution		New: Fixed [ 1 ]
Status	Original: In Progress [ 3 ]	New: Resolved [ 5 ]

minnsey made changes - 30/Jul/2016 5:34 AM

Fix Version/s

New: 1.9.7-beta-0 [ 62738 ]

minnsey made changes - 30/Jul/2016 4:15 AM

Status

Original: Open [ 1 ]

New: In Progress [ 3 ]

minnsey made changes - 30/Jul/2016 4:15 AM

Fix Version/s

New: 1.9.7 [ 62732 ]

minnsey made changes - 27/Jul/2016 7:44 PM

Assignee

New: minnsey [ mminns ]

Security Metrics Bot made changes - 15/Jul/2016 3:18 PM

Due Date

New: 09/Sep/2016

Assignee:: minnsey

Reporter:: Gary

Affected customers:: 0 This affects my team

Watchers:: 3 Start watching this issue

Created:: 13/Jul/2016 7:48 PM

Updated:: 05/Dec/2019 5:09 AM

Resolved:: 30/Jul/2016 5:34 AM

Sourcetree for Windows

Details

Description

Attachments

Forms

Activity

People

Dates