CVE-2008-5517 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5517): The web interface in git in SUSE openSUSE 10.3 allows remote attackers to execute arbitrary commands via shell metacharacters in an unspecified context.
CVE-2008-5516 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5516): The web interface in git (gitweb) 1.5.6, and possibly other versions, allows remote attackers to execute arbitrary commands via shell metacharacters related to git_search. NOTE: because of the lack of details, it is not clear whether CVE-2008-5516 and CVE-2008-5517 are distinct issues on the rPath Linux 2 platform. CVE-2008-5916 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5916): gitweb/gitweb.perl in gitweb in Git 1.6.x before 1.6.0.6, 1.5.6.x before 1.5.6.6, 1.5.5.x before 1.5.5.6, 1.5.4.x before 1.5.4.7, and other versions after 1.4.3 allows local repository owners to execute arbitrary commands by modifying the diff.external configuration variable and executing a crafted gitweb query.
*** This bug has been marked as a duplicate of bug 251343 ***