CVE-2017-1000117 git: Command injection via malicious ssh URLs

Phil Dobbin bukowskiscat at gmail.com
Thu Aug 17 16:51:42 UTC 2017



On 17/08/17 13:51, Oliver Grawert wrote:
> hi,
> Am Donnerstag, den 17.08.2017, 13:16 +0100 schrieb Phil Dobbin:
>> Hi all.
>>
>> I've just seen this security update (from RedHat):
>>
>> 'CVE-2017-1000117 git: Command injection via malicious ssh URLs'
>>
>> & wondered if anybody knew when it will arrive in Apt?
>>
> https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-1000117
> .html

Hi Oli.

I must've missed it. I found the update for git in:

'/var/log/apt/term.log'

that was pushed on 11/08/17.

Cheers,

  Phil.

-- 
Where is the life that late I led?
    Petruchio, The Taming of the Shrew

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20170817/1f42d88b/attachment.sig>


More information about the ubuntu-users mailing list