[ubuntu/xenial-security] git 1:2.7.4-0ubuntu1.5 (Accepted)
Steve Beattie
sbeattie at ubuntu.com
Fri Oct 12 00:24:02 UTC 2018
git (1:2.7.4-0ubuntu1.5) xenial-security; urgency=medium
* SECURITY UPDATE: arbitrary code execution via submodule URLs and
paths in .gitsubmodules.
- 0001-submodule-helper-use-to-signal-end-of-clone-options.patch,
0002-submodule-config-ban-submodule-urls-that-start-with-.patch,
0003-submodule-config-ban-submodule-paths-that-start-with.patch:
disallow urls and files that begin with '--'.
- 0004-fsck-detect-submodule-urls-starting-with-dash.patch,
0005-fsck-detect-submodule-paths-starting-with-dash.patch:
reject gitmodules that contain submdule urls and files that begin
with '--'.
- CVE-2018-17456
* SECURITY UPDATE: incomplete fix for CVE-2017-14867
- 0006-cvsimport-apply-shell-quoting-regex-globally.patch: escape
all instances of backticks
Date: 2018-10-11 01:42:12.842911+00:00
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
https://launchpad.net/ubuntu/+source/git/1:2.7.4-0ubuntu1.5
-------------- next part --------------
Sorry, changesfile not available.
More information about the Xenial-changes
mailing list