Source: git-core
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was published for git-core.

| Some vulnerabilities have been reported in GIT, which can potentially be
| exploited by malicious people to compromise a user's system.
|
| The vulnerabilities are caused due to boundary errors in various functions when
| processing overly long repository pathnames. These can be exploited to cause
| stack-based buffer overflows by tricking a user into running e.g. "git-diff" or
| "git-grep" against a repository containing pathnames that are larger than the
| "PATH_MAX" value on the user's system.
|
| Successful exploitation may allow execution of arbitrary code.

In this case there is no CVE id yet. I will add the CVE id to the bug report when I get it. Please make sure to add it in the changelog when fixing the bug then.

You can find the upstream patch on:
http://kerneltrap.org/mailarchive/git/2008/7/16/2529284

For further information see:
[0] http://secunia.com/advisories/31347/

-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
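Added example, not part of the original report and not git's code or the upstream patch: the kind of bounds check whose absence the quoted advisory describes, applied when a directory and an entry name are joined into a fixed PATH_MAX-sized stack buffer. The helper name join_path_checked and the sample inputs are assumptions made for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <string.h>

#ifndef PATH_MAX
#define PATH_MAX 4096
#endif

/* Unsafe pattern (described only, not compiled):
 *   char path[PATH_MAX];
 *   memcpy(path, base, baselen);
 *   strcpy(path + baselen, name);   // nothing checks that the result fits
 * A repository entry longer than PATH_MAX then writes past the buffer. */

/* Hypothetical helper: join base and name with '/' into out[outsz].
 * Returns the length written (excluding NUL), or -1 if it would not fit. */
static long join_path_checked(char *out, size_t outsz,
                              const char *base, const char *name)
{
    size_t baselen = strlen(base);
    size_t namelen = strlen(name);
    size_t need_sep = (baselen > 0 && base[baselen - 1] != '/') ? 1 : 0;

    /* Compare against the remaining space instead of summing lengths,
     * so the check itself cannot wrap around. */
    if (outsz == 0 || baselen >= outsz ||
        need_sep + namelen >= outsz - baselen) {
        if (outsz)
            out[0] = '\0';          /* never leave a partial path behind */
        return -1;
    }
    memcpy(out, base, baselen);
    if (need_sep)
        out[baselen] = '/';
    memcpy(out + baselen + need_sep, name, namelen + 1);
    return (long)(baselen + need_sep + namelen);
}

/* Constructed input: an entry name longer than PATH_MAX must be rejected. */
static int demo_overlong_rejected(void)
{
    static char name[PATH_MAX + 64];
    char path[PATH_MAX];
    memset(name, 'a', sizeof(name) - 1);
    name[sizeof(name) - 1] = '\0';
    return join_path_checked(path, sizeof(path), "repo/sub", name) == -1
        && path[0] == '\0';
}

int main(void) { return demo_overlong_rejected() ? 0 : 1; }
```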

