Hi Jens Good point. I'll add it to dla-needed.txt with a special note to follow the upstream discussion. Upstream is not completely convinced.
Best regards // Ola On 15 October 2017 at 15:12, Jens Korte <[email protected]> wrote: > Am Sun, 15 Oct 2017 14:15:31 +0200 > schrieb Ola Lundqvist <[email protected]>: > >> Hi fellow LTS maintainers >> I have looked into CVE-2017-15298 for git. The vulnerability is that >> if you try to clone a crafted repo it may use very lot of memory. >> >> I'm not convinced that this is a vulnerability that we should spend >> time on. I mean the worst thing is that you have to press Ctrl-C to >> make it stop and then do not use that repo anymore. >> >> Or do you have another opinion? > > What happens, if people use a cronjob to run git? > > >> >> Best regards >> >> // Ola >> > -- --- Inguza Technology AB --- MSc in Information Technology ---- / [email protected] Folkebogatan 26 \ | [email protected] 654 68 KARLSTAD | | http://inguza.com/ Mobile: +46 (0)70-332 1551 | \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 / ---------------------------------------------------------------
