[Bug 1774061] Re: git: CVE 2018-11235 arbitary code execution via submodule names in .gitmodules
Launchpad Bug Tracker
1774061 at bugs.launchpad.net
Tue May 29 22:14:19 UTC 2018
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: git (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to git in Ubuntu.
https://bugs.launchpad.net/bugs/1774061
Title:
git: CVE 2018-11235 arbitary code execution via submodule names in
.gitmodules
Status in git package in Ubuntu:
Confirmed
Bug description:
Git v2.17.1, v2.13.7, v2.14.4, v2.15.2 and v2.16.4 contain a fix for CVE 2018-11235 announced here:
https://public-inbox.org/git/xmqqy3g2flb6.fsf@gitster-ct.c.googlers.com/
Debian has fixed packages here: https://security-
tracker.debian.org/tracker/CVE-2018-11235
I could not find the fixed packages for Ubuntu, the Ubuntu link on the
above debian tracker results in a 404, and there is no newer package
available in the repository for 18.04 LTS.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/git/+bug/1774061/+subscriptions
More information about the foundations-bugs
mailing list