Hi Gerrit, * Gerrit Pape <[EMAIL PROTECTED]> [2008-08-13 11:04]: > On Thu, Aug 07, 2008 at 10:46:01AM +0200, Nico Golde wrote: > > the following CVE (Common Vulnerabilities & Exposures) id was > > published for git-core. > > > You can find the upstream patch on: > > http://kerneltrap.org/mailarchive/git/2008/7/16/2529284 > > > > For further information see: > > > > [0] http://secunia.com/advisories/31347/ > > Hi, upstream has three commits concerning buffer overflows in point > release 1.5.6.4 > > http://git.kernel.org/?p=git/git.git;a=commitdiff;h=620e2bb > http://git.kernel.org/?p=git/git.git;a=commitdiff;h=fd55a19 > http://git.kernel.org/?p=git/git.git;a=commitdiff;h=f66cf96 > > the NMU misses the first and third.
Ouch. Sorry for messing this up , I was under the impression that the patch in linked in the CVE id description is complete. > I suggest to upload upstream version 1.5.6.5 to fix this, provided it'll > be accepted for lenny. Ok. Cheers Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgpAbqm2KOMFK.pgp
Description: PGP signature
