Bug#818318: marked as done (git: CVE-2016-2324 and CVE-2016-2315 (currently unpublished) server and client RCE)

Debian Bug Tracking System Sat, 19 Mar 2016 00:34:41 -0700

Your message dated Thu, 17 Mar 2016 03:55:50 +0000
with message-id <e1agp2m-0007x8...@franck.debian.org>
and subject line Bug#818318: fixed in git 1:2.8.0~rc3-1
has caused the Debian Bug report #818318,
regarding git: CVE-2016-2324 and CVE-2016-2315 (currently unpublished) server 
and client RCE
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
818318: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818318
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: git
Version: 1:2.7.0-1
Severity: grave
Tags: upstream security
Justification: user security hole

Dear Maintainer,

This was just posted:

http://seclists.org/oss-sec/2016/q1/645

Please upload 2.7.1 ASAP.


-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'stable'), (300, 'unstable'), (200, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.3.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages git depends on:
ii  git-man                           1:2.7.0-1
ii  libc6                             2.21-9
ii  libcurl3-gnutls                   7.47.0-1
ii  liberror-perl                     0.17-1.2
ii  libexpat1                         2.1.0-7
ii  libpcre3                          2:8.38-3
ii  perl-modules-5.22 [perl-modules]  5.22.1-8
ii  zlib1g                            1:1.2.8.dfsg-2+b1

Versions of packages git recommends:
ii  less                         481-2.1
ii  openssh-client [ssh-client]  1:7.1p2-2
ii  patch                        2.7.5-1
ii  rsync                        3.1.1-3

Versions of packages git suggests:
ii  gettext-base         0.19.7-2
ii  git-arch             1:2.7.0-1
ii  git-cvs              1:2.7.0-1
ii  git-daemon-sysvinit  1:2.7.0-1
ii  git-doc              1:2.7.0-1
ii  git-el               1:2.7.0-1
ii  git-email            1:2.7.0-1
ii  git-gui              1:2.7.0-1
ii  git-mediawiki        1:2.7.0-1
ii  git-svn              1:2.7.0-1
ii  gitk                 1:2.7.0-1
ii  gitweb               1:2.7.0-1

-- no debconf information

--- End Message ---

--- Begin Message ---

Source: git
Source-Version: 1:2.8.0~rc3-1

We believe that the bug you reported is fixed in the latest version of
git, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 818...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jonathan Nieder <jrnie...@gmail.com> (supplier of updated git package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 16 Mar 2016 18:28:12 -0700
Source: git
Binary: git git-man git-core git-doc git-arch git-cvs git-svn git-mediawiki 
git-email git-daemon-run git-daemon-sysvinit git-gui gitk git-el gitweb git-all
Architecture: source all amd64
Version: 1:2.8.0~rc3-1
Distribution: unstable
Urgency: medium
Maintainer: Gerrit Pape <p...@smarden.org>
Changed-By: Jonathan Nieder <jrnie...@gmail.com>
Description:
 git        - fast, scalable, distributed revision control system
 git-all    - fast, scalable, distributed revision control system (all subpacka
 git-arch   - fast, scalable, distributed revision control system (arch interop
 git-core   - fast, scalable, distributed revision control system (obsolete)
 git-cvs    - fast, scalable, distributed revision control system (cvs interope
 git-daemon-run - fast, scalable, distributed revision control system 
(git-daemon s
 git-daemon-sysvinit - fast, scalable, distributed revision control system 
(git-daemon s
 git-doc    - fast, scalable, distributed revision control system (documentatio
 git-el     - fast, scalable, distributed revision control system (emacs suppor
 git-email  - fast, scalable, distributed revision control system (email add-on
 git-gui    - fast, scalable, distributed revision control system (GUI)
 git-man    - fast, scalable, distributed revision control system (manual pages
 git-mediawiki - fast, scalable, distributed revision control system (MediaWiki 
in
 git-svn    - fast, scalable, distributed revision control system (svn interope
 gitk       - fast, scalable, distributed revision control system (revision tre
 gitweb     - fast, scalable, distributed revision control system (web interfac
Closes: 818318
Changes:
 git (1:2.8.0~rc3-1) unstable; urgency=medium
 .
   * new upstream release candidate (see RelNotes/2.8.0.txt).
     * harden against on-stack and on-heap buffer overflows (CVE-2016-2324,
       CVE-2016-2315; closes: #818318).
   * debian/git.docs: update for README -> README.md renaming.
Checksums-Sha1:
 596e1c8bf24561ad6741156dece8b323537f2cba 2794 git_2.8.0~rc3-1.dsc
 5cbc98cc2bf62e08291ef1166fc99f3d2f2a9757 3938976 git_2.8.0~rc3.orig.tar.xz
 688c47a22e9eefe477848b66acf7d6c176c92cb6 506748 git_2.8.0~rc3-1.debian.tar.xz
 7001694354cb5b1e03b11e64a77dcbd65c1f6e08 636792 git-all_2.8.0~rc3-1_all.deb
 d93d946bf568c8ad20db3e675ee9049a5fe0907a 650134 git-arch_2.8.0~rc3-1_all.deb
 9fdc6b2e07457f852e7d289fc8cb90cc56bc2a86 1418 git-core_2.8.0~rc3-1_all.deb
 bb5b58cf58d046025fcc9499649af0a78e781768 699874 git-cvs_2.8.0~rc3-1_all.deb
 4618cb47e4ff63d67a730232033d6de6d708f2d7 638360 
git-daemon-run_2.8.0~rc3-1_all.deb
 bc2b3198eb6e3beaedf26f67dbba64444b12f550 639444 
git-daemon-sysvinit_2.8.0~rc3-1_all.deb
 b5eaeaa22782c7b914419aefcd595681b9a9e975 1509272 git-doc_2.8.0~rc3-1_all.deb
 d3f84c3de01bb258c672790234298ee5fa46e363 656426 git-el_2.8.0~rc3-1_all.deb
 789a28d7ec03fa3bda17e21518b221c921367ff4 658770 git-email_2.8.0~rc3-1_all.deb
 0cae6924f8aa09c27166ac3ebebfd76590a18982 837764 git-gui_2.8.0~rc3-1_all.deb
 ba709d563814552a6344acfebc236f9d85051575 1369898 git-man_2.8.0~rc3-1_all.deb
 71954272f192e98100e088f4102dfcb379a22fa4 652450 
git-mediawiki_2.8.0~rc3-1_all.deb
 7b27d15170072497318c3f219f4d9d00f9f41c5f 721508 git-svn_2.8.0~rc3-1_all.deb
 a7dd5d195d869e241c6faa284602032b34d7db3f 3681062 git_2.8.0~rc3-1_amd64.deb
 8177dce0c9ba18f99e7d8402142cecfdcc5f2482 762448 gitk_2.8.0~rc3-1_all.deb
 e54507e9114f347f742a61a256a3bef0c678d4b6 641250 gitweb_2.8.0~rc3-1_all.deb
Checksums-Sha256:
 6e81a318fb4eb5cca0333b7b6ff0c70dd0097e9fe711b159d5eac4b9f47c6c27 2794 
git_2.8.0~rc3-1.dsc
 30758bcd59e457459a077ba3eb85c5a9ff1d4663bc3fa3227e337b9c76bbbe69 3938976 
git_2.8.0~rc3.orig.tar.xz
 63f5211003220410c40557986ba05d44f8d8bf0b6f1d1ef2bbc4213ec186f158 506748 
git_2.8.0~rc3-1.debian.tar.xz
 8a92072d68ca3e844d01aee13a4de06a637cdcdd3eadc05d1017f9079370e23a 636792 
git-all_2.8.0~rc3-1_all.deb
 df1e314ba148fd87fee557d3613475e77b12a46e76a22d529ce18bf6d766c6fe 650134 
git-arch_2.8.0~rc3-1_all.deb
 fd8f95da3fb13af9c4583ca89f9a7e62da65cf751c1ff3bf41f4df615ea6f59c 1418 
git-core_2.8.0~rc3-1_all.deb
 5240460c43a3b93ef02b1a1bfc82e12851c9beefe4ca34877ad1f69fd5939532 699874 
git-cvs_2.8.0~rc3-1_all.deb
 e34a4ef6a0d32e4f1cbab7578e7ff38e38e07446a55ebb868e692a7cb8ff027a 638360 
git-daemon-run_2.8.0~rc3-1_all.deb
 801e42c87cc339db4195e4e79ed7146914a9459e39e840ad848b97ee94ba5e07 639444 
git-daemon-sysvinit_2.8.0~rc3-1_all.deb
 ea0fe44595ef3153e6ae78b68c5c1e577f529c92d91bcaf4e3a5fdabfb7a25a4 1509272 
git-doc_2.8.0~rc3-1_all.deb
 67a2a87eb6e61432726c039cdef7567a3d5cd4c284fe6aba40b632c173b6fcb4 656426 
git-el_2.8.0~rc3-1_all.deb
 ac61ff95791e338e00cf2557f3d753d567cf79368c037c6781e2df6a5c1b918f 658770 
git-email_2.8.0~rc3-1_all.deb
 85b70cca6ce0b182fae2f4a9a437c24a16f039492d3261d4281d69cf172edfee 837764 
git-gui_2.8.0~rc3-1_all.deb
 9febe5abba50e4bced2803dd1232ac214c2c1b72526462a95704942e6f7ac4b6 1369898 
git-man_2.8.0~rc3-1_all.deb
 614c8197da4cc30de6aaee9ba4c28d4b65f5b27cfb52d2d5db42429b9c1d64a1 652450 
git-mediawiki_2.8.0~rc3-1_all.deb
 7ac039059c95739067da75ac15212e3ac660830e97933681ce22443b32a08216 721508 
git-svn_2.8.0~rc3-1_all.deb
 4a3853affc89dc4314ae921f0f95245bc9c8fbcc5621d2a58ed3445510374360 3681062 
git_2.8.0~rc3-1_amd64.deb
 0264ad957d4e910b629e3e8f789038f9b09462edca6b886cca2bbdda7c8c8c61 762448 
gitk_2.8.0~rc3-1_all.deb
 5a424c6de626ab50808aa4a59f39b5df4a00964d1310af04bcaaf86de9edef8b 641250 
gitweb_2.8.0~rc3-1_all.deb
Files:
 97b2f14b897986011f36ec49444f8fb8 2794 vcs optional git_2.8.0~rc3-1.dsc
 28257aab6a68dacb03dc266900ed0345 3938976 vcs optional git_2.8.0~rc3.orig.tar.xz
 9b65cdd75d27e37e25b4241e6a7f7a69 506748 vcs optional 
git_2.8.0~rc3-1.debian.tar.xz
 bb3830fc28e300df3a3afb2e99ca548e 636792 vcs optional 
git-all_2.8.0~rc3-1_all.deb
 1314f3cfc936b0879afcb5c5ce951922 650134 vcs optional 
git-arch_2.8.0~rc3-1_all.deb
 80db4b01d5833d0cc5b75aacad2c9f43 1418 vcs optional git-core_2.8.0~rc3-1_all.deb
 c0e93a48bbd2dbe6dc141037262636e5 699874 vcs optional 
git-cvs_2.8.0~rc3-1_all.deb
 4ee5e6a9fb24557f497329921df00fd0 638360 vcs optional 
git-daemon-run_2.8.0~rc3-1_all.deb
 f1ff2530af63fac57329348035a83419 639444 vcs extra 
git-daemon-sysvinit_2.8.0~rc3-1_all.deb
 12a185ff942030d8342c9545ad16b022 1509272 doc optional 
git-doc_2.8.0~rc3-1_all.deb
 7d7f8b236ada962a708604780faa7c04 656426 vcs optional git-el_2.8.0~rc3-1_all.deb
 130d9a11a9669ebe2c103d2eee2930dc 658770 vcs optional 
git-email_2.8.0~rc3-1_all.deb
 61f00caaf1077a09e1f51c571cf72dae 837764 vcs optional 
git-gui_2.8.0~rc3-1_all.deb
 160e671630e0186662ab57058e844938 1369898 doc optional 
git-man_2.8.0~rc3-1_all.deb
 bcdc854c03f9b3378e4e042a3d889ec5 652450 vcs optional 
git-mediawiki_2.8.0~rc3-1_all.deb
 54fcd600174c0ca6bbf790783891ec81 721508 vcs optional 
git-svn_2.8.0~rc3-1_all.deb
 7c44cc0dedbfee235d1ca43a39ee0fa9 3681062 vcs optional git_2.8.0~rc3-1_amd64.deb
 0fda1dad3b83e1bee9f49dc9bd45c85c 762448 vcs optional gitk_2.8.0~rc3-1_all.deb
 a150431afa92268df78eec42fc730992 641250 vcs optional gitweb_2.8.0~rc3-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJW6g4IAAoJEN/Gce6zM/ol4oUP/1hf7XK36/lAi1SQqUS/G/ae
iZAzWP+BLudWIuVXF27DHI1z8lpqdZHeecNNZ4w1Rss2JM37dzMHyFK3dqjb1kO9
wE/Rb36njU1w2BRNbxVt7keouOpr7uQx9ojodaoq1fQLCNaZb6w2f8/2aKD2rRof
FlyOQe/DO5abqHbSolkFWPlcu5J/0p/cXNPHZYkgXH1a5PqVxbST6OqesWaUGmB0
ZBExAODTgct7+M1IIlOBLj3ErYR3do1X+ePbXKG2RxEjZm6moEvwAJp2vaeT/RtE
BeEHVeqbs/fj+hjCGxjzqMUAu6ONcpJLMEL94aH6SWh5sReC+XDqtrWLKwIAjbvt
8wkiJyUUjy0sX/1Lqu8he/3aPMsn0W5bStqcI3GnUXqYb5WG8ytkG7bUcSXu35QI
F48u84hSTNSgfT5yap7t6ANinEPWNKRJ5kpVrYCiXfbgaW/OUanyPfBVz4P/w8HN
GPl7TO3ZIdA4TbgwXu/Xc6JxBuhg5T1zW6p7bpwGKiUgG2eBuz/5fyKoOqzu5TNS
97lP91Eb4u58fMAgoEuQ+hreAuMZYo7jqh10fs0xdKraW7XmBI1d6yWS+7DKG/Sl
+7FKKdihIomSj6PeGfCaKN+rRlNdWqkPxpnn/HS3zduKYapPhiZFpJuZacrdY9Gb
05dwbpUXOAwj/XnfsrDw
=7Wwp
-----END PGP SIGNATURE-----

--- End Message ---

Bug#818318: marked as done (git: CVE-2016-2324 and CVE-2016-2315 (currently unpublished) server and client RCE)

Reply via email to