[ubuntu/precise-security] git 1:1.7.9.5-1ubuntu0.2 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Tue Dec 15 18:58:20 UTC 2015
git (1:1.7.9.5-1ubuntu0.2) precise-security; urgency=medium
* SECURITY UPDATE: arbitrary code execution issues via URLs
- debian/diff/0016-CVE-2015-7545-backport1.patch: add function
string_list_append_nodup().
- debian/diff/0017-CVE-2015-7545-backport2.patch: add two new functions
for splitting strings.
- debian/diff/0018-CVE-2015-7545-1.patch: add a protocol-whitelist
environment variable.
- debian/diff/0019-CVE-2015-7545-2.patch: allow only certain protocols
for submodule fetches.
- debian/diff/0020-CVE-2015-7545-3.patch: refactor protocol whitelist
code.
- debian/diff/0021-CVE-2015-7545-4.patch: limit redirection to
protocol-whitelist.
- debian/diff/0022-CVE-2015-7545-5.patch: limit redirection depth.
- debian/rules: make new tests executable.
- CVE-2015-7545
Date: 2015-12-14 21:32:14.039850+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/git/1:1.7.9.5-1ubuntu0.2
-------------- next part --------------
Sorry, changesfile not available.
More information about the Precise-changes
mailing list