[ubuntu/precise-updates] git 1:1.7.9.5-1ubuntu0.1 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Wed Jan 14 00:28:12 UTC 2015


git (1:1.7.9.5-1ubuntu0.1) precise-security; urgency=medium

  * SECURITY UPDATE: Add protections against malicious git commits that
    overwrite git metadata on HFS+ and NTFS filesystems. Some of the
    protections are enabled by default but the majority require git config
    options to be enabled. Set the core.protectHFS and/or core.protectNTFS git
    config variables to "true" if you use HFS+ and/or NTFS filesystems when
    pulling from untrusted git trees. Set the core.protectHFS,
    core.protectNTFS, and receive.fsckObjects git config variables to "true"
    if you host git trees and want to prevent malicious git commits from being
    pushed to your server. (LP: #1404035)
    - debian/diff/0015-CVE-2014-9390.diff: Check for potentially malicious
      paths in git commits. Based on upstream patches.
    - debian/rules: Set executable bit on a new test introduced in
      0015-CVE-2014-9390.diff
    - CVE-2014-9390

Date: 2015-01-13 19:29:31.942330+00:00
Changed-By: Tyler Hicks <tyhicks at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/git/1:1.7.9.5-1ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.


More information about the Precise-changes mailing list