On Thu, Mar 17, 2016 at 12:37:27AM +, Ben Hutchings wrote:
> On Wed, 2016-03-16 at 17:16 -0700, Jonathan Nieder wrote:
>> Ben Hutchings wrote:
>>> I intend to NMU git to fix these bugs in unstable, as they make most of
>>> my development activity unsafe.
>>>
>>> git maintainers, please let me
Processing control commands:
> retitle -1 git: CVE-2016-2324 and CVE-2016-2315 (currently unpublished)
> server and client RCE
Bug #818318 [git] git: CVE-2016-2324 and CVE-2016-2315 (currently unpublished)
server and client RCE, fixed in 2.7.3
Changed Bug title to 'git: CVE-2016-2324 a
Ben Hutchings wrote:
> I intend to NMU git to fix these bugs in unstable, as they make most of
> my development activity unsafe.
>
> git maintainers, please let me know if you're already preparing an
> update.
I'm already preparing an update.
Jonathan
On Wed, 2016-03-16 at 17:16 -0700, Jonathan Nieder wrote:
> Ben Hutchings wrote:
>
> >
> > I intend to NMU git to fix these bugs in unstable, as they make most of
> > my development activity unsafe.
> >
> > git maintainers, please let me know if you're already preparing an
> > update.
> I'm
Hi all,
Want to try to summarize:
CVE-2016-2315, fixed by
https://github.com/git/git/commit/34fa79a6cde56d6d428ab0d3160cb094ebad3305
(v2.7.0-rc0).
Then there is CVE-2016-2324. AFAICT, this is fixed by the path_name
removal, in
Control: retitle -1 git: CVE-2016-2324 and CVE-2016-2315 (currently
unpublished) server and client RCE
Hi,
On Wed, Mar 16, 2016 at 12:22:59PM +0100, Salvatore Bonaccorso wrote:
> Then there is CVE-2016-2324. AFAICT, this is fixed by the path_name
> removal, in
>
I intend to NMU git to fix these bugs in unstable, as they make most of
my development activity unsafe.
git maintainers, please let me know if you're already preparing an
update.
Ben.
--
Ben Hutchings
If you seem to know what you are doing, you'll be given more to do.
On Tue, Mar 15, 2016 at 10:13 PM, Ximin Luo wrote:
> http://seclists.org/oss-sec/2016/q1/645
>
> Please upload 2.7.1 ASAP.
Just for the record, it should be 2.7.3 due to an integer overflow
fix[1] (no CVE). On the other hand, CVE-2016-2315 is already fixed in
Stretch and
Package: git
Version: 1:2.7.0-1
Severity: grave
Tags: upstream security
Justification: user security hole
Dear Maintainer,
This was just posted:
http://seclists.org/oss-sec/2016/q1/645
Please upload 2.7.1 ASAP.
-- System Information:
Debian Release: stretch/sid
APT prefers testing
APT