[Bug 1774061] Re: git: CVE-2018-11235 arbitrary code execution via submodule names in .gitmodules

Jan Bauer 1774061 at bugs.launchpad.net
Thu May 31 08:57:04 UTC 2018


The Ubuntu repo still provides the outdated git version 2.7.4.

This could be checked by running:

$ sudo apt-get update
$ sudo apt-cache policy git

This should be fixed with high priority.

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-11233

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to git in Ubuntu.
https://bugs.launchpad.net/bugs/1774061

Title:
  git: CVE-2018-11235 arbitrary code execution via submodule names in
  .gitmodules

Status in git package in Ubuntu:
  Confirmed

Bug description:
  Git v2.17.1, v2.13.7, v2.14.4, v2.15.2 and v2.16.4 contain a fix for CVE 2018-11235 announced here:
  https://public-inbox.org/git/xmqqy3g2flb6.fsf@gitster-ct.c.googlers.com/

  Debian has fixed packages here:
  https://security-tracker.debian.org/tracker/CVE-2018-11235

  I could not find the fixed packages for Ubuntu; the Ubuntu link on the
  above Debian tracker results in a 404, and there is no newer package
  available in the repository for 18.04 LTS.
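
Added example, not part of the bug report or of Launchpad's notification: a shell function that classifies an upstream git version string against the fixed releases listed in the bug description. The function name and the result labels (`fixed`, `vulnerable`, `needs-backport`, `unparsed`) are assumptions made here; a distribution package can carry a backported fix under an older upstream version, so `needs-backport` means the package changelog or the distribution's security tracker still has to be checked.

```shell
#!/bin/sh
# Fixed-release table taken from the bug description:
# 2.13.7, 2.14.4, 2.15.2, 2.16.4, 2.17.1. Releases after 2.17.1 are
# treated as fixed (assumption: later upstream releases keep the fix).

classify_git_version() {
    # Accepts "2.16.3", "git version 2.16.3" or a package version such as
    # "1:2.7.4-0ubuntu1" (epoch and packaging suffix are ignored).
    parsed=$(printf '%s\n' "$1" | sed -n \
        's/^[^0-9]*\([0-9]*:\)\{0,1\}\([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\2 \3 \4/p')
    if [ -z "$parsed" ]; then
        echo unparsed
        return 2
    fi
    set -- $parsed
    major=$1 minor=$2 patch=$3

    if [ "$major" -gt 2 ]; then echo fixed; return 0; fi
    if [ "$major" -lt 2 ]; then echo needs-backport; return 1; fi

    # Lowest patch level carrying the fix in each maintained 2.x series.
    case $minor in
        13) min_patch=7 ;;
        14) min_patch=4 ;;
        15) min_patch=2 ;;
        16) min_patch=4 ;;
        17) min_patch=1 ;;
        *)
            if [ "$minor" -gt 17 ]; then echo fixed; return 0; fi
            # Series older than 2.13 has no fixed upstream release listed.
            echo needs-backport
            return 1 ;;
    esac

    if [ "$patch" -ge "$min_patch" ]; then
        echo fixed
        return 0
    fi
    echo vulnerable
    return 1
}

# Constructed sample inputs; on a real host pass "$(git --version)".
for sample in 'git version 2.7.4' '2.16.3' 'git version 2.17.1'; do
    printf '%-22s %s\n' "$sample" "$(classify_git_version "$sample")"
done
```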
