[ubuntu/trusty-updates] git 1:1.9.1-1ubuntu0.9 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Fri Oct 12 00:58:15 UTC 2018
git (1:1.9.1-1ubuntu0.9) trusty-security; urgency=medium

  * SECURITY UPDATE: arbitrary code execution via submodule URLs and
    paths in .gitsubmodules.
    - 0001-submodule-helper-use-to-signal-end-of-clone-options.patch,
      0002-submodule-config-ban-submodule-urls-that-start-with-.patch,
      0003-submodule-config-ban-submodule-paths-that-start-with.patch:
      disallow urls and files that begin with '--'. Thanks to Jonathan
      Nieder for the backported fixes.
    - 0004-fsck-detect-submodule-urls-starting-with-dash.patch,
      0005-fsck-detect-submodule-paths-starting-with-dash.patch:
      reject gitmodules that contain submodule urls and files that begin
      with '--'.
    - CVE-2018-17456
  * SECURITY UPDATE: incomplete fix for CVE-2017-14867
    - 0006-cvsimport-apply-shell-quoting-regex-globally.patch: escape
      all instances of backticks
  * debian/patches/0007-fsck-fix.patch: return correct value on fsck
    error (thanks to Pavel Cahyna for pointing this out).

Date: 2018-10-11 01:47:12.632961+00:00
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/git/1:1.9.1-1ubuntu0.9