1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 3435-1] git security update

    From Laszlo Boszormenyi (GCS)@1:229/2 to All on Tue Jan 5 22:10:03 2016
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-3435-1 [email protected] https://www.debian.org/security/ Laszlo Boszormenyi (GCS) January 05, 2016 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : git
    CVE ID : CVE-2015-7545

    Blake Burkhart discovered that the Git git-remote-ext helper incorrectly handled recursive clones of git repositories. A remote attacker could
    possibly use this issue to execute arbitary code by injecting commands
    via crafted URLs.

    For the oldstable distribution (wheezy), this problem has been fixed
    in version 1:1.7.10.4-1+wheezy2.

    For the stable distribution (jessie), this problem has been fixed in
    version 1:2.1.4-2.1+deb8u1.

    For the testing distribution (stretch), this problem has been fixed
    in version 1:2.6.1-1.

    For the unstable distribution (sid), this problem has been fixed in
    version 1:2.6.1-1.

    We recommend that you upgrade your git packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1

    iQIcBAEBCgAGBQJWjC+sAAoJEAVMuPMTQ89EmmgQAI4VBcUvPYHI/zCiVuyI4bct lCqWmgLZqWAt7ejm2P6yDCv74G8oyJ4aALaKG2S+rqRFussiDjVTMhcouW/sLITt SVRhkeDfhyE3gZr/pRgc2J5Rs5hAbtK7fnv4uKIbw4k+s1UTexuamPjhBQMyWhN8 ar6/V5ESe63hUIVzOgljz4brFvw3F1g3xrZXXT6za5ceAK39wAXLXzUTTSF+R+DB Sxv60xg5KO7OA3W8VWDeKkoH6SjrNoY/XZldVK6Aqy+VeTAhJndKUc1djy6TNhJF a5dj0rgVQvv1Mk2j5p84tYRrAxDJeBlIKF00Bd6M/MAPxumHuoc/aIRIvOCkOuQl FYiVXfL8jZzeEk3pYYm7L9qO6Sc3YesW0cRHaFrnDo45ZJ5PkrJ2jqRbpTzl8xA3 El5el6rzHwRaK8ZtgpbD1msU8ZCgLTVNDh5gwGQYIojAp9djM+GudR0l8Yxwwj/0 bUxXcECVKvtfp/qTJOJvirANhpT94jSb+1a9SJq9rkPcJr0qgniq85MsrRSPpcxA ZjxN2T2IWQxokgLJh8jT9LCyCLI3e0za3kVqygv+hKdmbXE4hrLgBGsInpXsKsMV opv6hvFSMzwj9e4q+YjRHQ9BEAYOlbNQz2t1XgQNrhze4ZO4iZ7COJqobgs/bT2+ nF54rbZ1Z58WtZaYgOo8
    =kWP3
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)