This bug was fixed in the package git - 1:1.9.1-1ubuntu0.1
---------------
git (1:1.9.1-1ubuntu0.1) trusty-security; urgency=medium
* SECURITY UPDATE: Add protections against malicious git commits that
overwrite git metadata on HFS+ and NTFS filesystems. Some of the
protections are enabled by default but the majority require git config
options to be enabled. Set the core.protectHFS and/or core.protectNTFS git
config variables to "true" if you use HFS+ and/or NTFS filesystems when
pulling from untrusted git trees. Set the core.protectHFS,
core.protectNTFS, and receive.fsckObjects git config variables to "true"
if you host git trees and want to prevent malicious git commits from being
pushed to your server. (LP: #1404035)
- debian/diff/0010-CVE-2014-9390.diff: Check for potentially malicious
paths in git commits. Based on upstream patches.
- debian/rules: Set executable bit on a new test introduced in
0010-CVE-2014-9390.diff
- CVE-2014-9390
-- Tyler Hicks <[email protected]> Tue, 13 Jan 2015 12:42:17 -0600
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1404035
Title:
Errors in handling case-sensitive directories allow for remote code
execution on pull
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/git/+bug/1404035/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
