[Bug 1774061] Re: git: CVE-2018-11235 arbitary code execution via submodule names in .gitmodules
Steve Beattie
sbeattie at ubuntu.com
Wed Jun 6 02:30:25 UTC 2018
** Changed in: git (Ubuntu)
Status: Fix Released => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to git in Ubuntu.
https://bugs.launchpad.net/bugs/1774061
Title:
git: CVE-2018-11235 arbitary code execution via submodule names in
.gitmodules
Status in git package in Ubuntu:
Fix Committed
Bug description:
Git v2.17.1, v2.13.7, v2.14.4, v2.15.2 and v2.16.4 contain a fix for CVE 2018-11235 announced here:
https://public-inbox.org/git/xmqqy3g2flb6.fsf@gitster-ct.c.googlers.com/
Debian has fixed packages here: https://security-
tracker.debian.org/tracker/CVE-2018-11235
I could not find the fixed packages for Ubuntu, the Ubuntu link on the
above debian tracker results in a 404, and there is no newer package
available in the repository for 18.04 LTS.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/git/+bug/1774061/+subscriptions
More information about the foundations-bugs
mailing list