*** This bug is a security vulnerability *** Public security bug reported:
Git v2.17.1, v2.13.7, v2.14.4, v2.15.2 and v2.16.4 contain a fix for CVE 2018-11235 announced here: https://public-inbox.org/git/xmqqy3g2flb6....@gitster-ct.c.googlers.com/ Debian has fixed packages here: https://security- tracker.debian.org/tracker/CVE-2018-11235 I could not find the fixed packages for Ubuntu, the Ubuntu link on the above debian tracker results in a 404, and there is no newer package available in the repository for 18.04 LTS. ** Affects: git (Ubuntu) Importance: Undecided Status: New ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1774061 Title: git: CVE 2018-11235 arbitary code execution via submodule names in .gitmodules To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/git/+bug/1774061/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
