Debian: DSA-1841-2: New git-core packages fix build failure

    Date31 Jan 2010
    CategoryDebian
    39
    Posted ByLinuxSecurity Advisories
    A bug in git-core caused the security update in DSA 1841 to fail to build on a number of architectures Debian supports. This update corrects the bug and releases builds for all supported architectures. The original advisory is quoted in full below for reference.
    
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1841-2                  This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                          Thijs Kinkhorst
    January 31, 2010                      http://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : git-core
    Vulnerability  : several
    Problem type   : remote
    Debian-specific: no
    Debian bug     : 532935
    CVE ID         : CVE-2009-2108
    
    A bug in git-core caused the security update in DSA 1841 to fail to
    build on a number of architectures Debian supports. This update corrects
    the bug and releases builds for all supported architectures. The original
    advisory is quoted in full below for reference.
    
    It was discovered that git-daemon which is part of git-core, a popular
    distributed revision control system, is vulnerable to denial of service
    attacks caused by a programming mistake in handling requests containing
    extra unrecognized arguments which results in an infinite loop. While
    this is no problem for the daemon itself as every request will spawn a
    new git-daemon instance, this still results in a very high CPU consumption
    and might lead to denial of service conditions.
    
    For the oldstable distribution (etch), this problem has been fixed in
    version 1.4.4.4-4+etch4.
    
    For the stable distribution (lenny), this problem has been fixed in
    version 1.5.6.5-3+lenny3.
    
    For the testing distribution (squeeze), this problem has been fixed in
    version 1:1.6.3.3-1.
    
    For the unstable distribution (sid), this problem has been fixed in
    version 1:1.6.3.3-1.
    
    We recommend that you upgrade your git-core packages.
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 4.0 alias etch
    - -------------------------------
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4.orig.tar.gz
        Size/MD5 checksum:  1054130 99bc7ea441226f792b6f796a838e7ef0
      http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch4.diff.gz
        Size/MD5 checksum:    73235 dc66a5a33f4d839abd293af8e9d1c7f0
      http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch4.dsc
        Size/MD5 checksum:      806 4ecf33d79aef69bd3ee67e39bd2e5603
    
    Architecture independent packages:
    
      http://security.debian.org/pool/updates/main/g/git-core/gitk_1.4.4.4-4+etch4_all.deb
        Size/MD5 checksum:    99956 bb358ac7ca0a4ff838d3b649fc280ac5
      http://security.debian.org/pool/updates/main/g/git-core/git-cvs_1.4.4.4-4+etch4_all.deb
        Size/MD5 checksum:    94344 35222422017d16424d60b572d448b2ed
      http://security.debian.org/pool/updates/main/g/git-core/git-svn_1.4.4.4-4+etch4_all.deb
        Size/MD5 checksum:   101186 e50e5c5b047fd40306ec79177fb1e27b
      http://security.debian.org/pool/updates/main/g/git-core/git-email_1.4.4.4-4+etch4_all.deb
        Size/MD5 checksum:    63440 1ce3e8f130c61118e15f50fbea98f745
      http://security.debian.org/pool/updates/main/g/git-core/git-arch_1.4.4.4-4+etch4_all.deb
        Size/MD5 checksum:    69120 555d3f7a0f717f022b837ec218840b5b
      http://security.debian.org/pool/updates/main/g/git-core/gitweb_1.4.4.4-4+etch4_all.deb
        Size/MD5 checksum:    88662 089131cbe345889f72b524e8d0c657ed
      http://security.debian.org/pool/updates/main/g/git-core/git-daemon-run_1.4.4.4-4+etch4_all.deb
        Size/MD5 checksum:    55972 d06f9e25da08588e38b2c0a6fa346c4a
      http://security.debian.org/pool/updates/main/g/git-core/git-doc_1.4.4.4-4+etch4_all.deb
        Size/MD5 checksum:   466846 3bef63b0904636416641058a04814b10
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch4_alpha.deb
        Size/MD5 checksum:  3088230 4515c64cfea5951473db08b8cc3435d3
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch4_amd64.deb
        Size/MD5 checksum:  2632004 b044de6564162f32353d84343e1e41ae
    
    arm architecture (ARM)
    
      http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch4_arm.deb
        Size/MD5 checksum:  2320858 3ed0f7b8c366351121fc9534df90d328
    
    hppa architecture (HP PA RISC)
    
      http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch4_hppa.deb
        Size/MD5 checksum:  2694200 17f793cb6d02e633053f18d820ed63b1
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch4_i386.deb
        Size/MD5 checksum:  2349876 2c0d7e7f67af0f3d956626e4bf9c61a6
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch4_ia64.deb
        Size/MD5 checksum:  3815920 54305a771f4728607741fc91825abd60
    
    mips architecture (MIPS (Big Endian))
    
      http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch4_mips.deb
        Size/MD5 checksum:  2769740 ff6077a27445fa6be6dc6df8d7a412ae
    
    mipsel architecture (MIPS (Little Endian))
    
      http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch4_mipsel.deb
        Size/MD5 checksum:  2801552 d4a45ed2e6e0907d4a9b176ca9943e1d
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch4_powerpc.deb
        Size/MD5 checksum:  2639258 1626503d70b23864cc452876643b4b77
    
    s390 architecture (IBM S/390)
    
      http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch4_s390.deb
        Size/MD5 checksum:  2628348 7c6ba1577e3019fb36b9cd1e3b1ad9e0
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch4_sparc.deb
        Size/MD5 checksum:  2298750 ae0ebfaeceba12e48b1240f0e6cf2a14
    
    Debian GNU/Linux 5.0 alias lenny
    - --------------------------------
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny3.dsc
        Size/MD5 checksum:     1332 f4dfc057bd2a48ba453816e04f34b7df
      http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5.orig.tar.gz
        Size/MD5 checksum:  2103619 c22da91c913a02305fd8a1a2298f75c9
      http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny3.diff.gz
        Size/MD5 checksum:   228640 87e8934e0efe7f374b21e0f8fb15474f
    
    Architecture independent packages:
    
      http://security.debian.org/pool/updates/main/g/git-core/gitweb_1.5.6.5-3+lenny3_all.deb
        Size/MD5 checksum:   268052 976f1bdd1a003aa01360235d506a68b6
      http://security.debian.org/pool/updates/main/g/git-core/git-daemon-run_1.5.6.5-3+lenny3_all.deb
        Size/MD5 checksum:   217816 a0719a52047880856fc560fbdd54311e
      http://security.debian.org/pool/updates/main/g/git-core/git-arch_1.5.6.5-3+lenny3_all.deb
        Size/MD5 checksum:   231042 a313316163e3db501357d834a1db7b90
      http://security.debian.org/pool/updates/main/g/git-core/git-cvs_1.5.6.5-3+lenny3_all.deb
        Size/MD5 checksum:   267244 0b91300ac7fee3068cd7767f8998a6a6
      http://security.debian.org/pool/updates/main/g/git-core/gitk_1.5.6.5-3+lenny3_all.deb
        Size/MD5 checksum:   298644 843b4c601e157df5f1ea559fe22e7a72
      http://security.debian.org/pool/updates/main/g/git-core/git-gui_1.5.6.5-3+lenny3_all.deb
        Size/MD5 checksum:   401594 d6737e683c17e09a3ecf7e9149af5de4
      http://security.debian.org/pool/updates/main/g/git-core/git-svn_1.5.6.5-3+lenny3_all.deb
        Size/MD5 checksum:   268286 1582d20b0024de9879e3f289129106d8
      http://security.debian.org/pool/updates/main/g/git-core/git-doc_1.5.6.5-3+lenny3_all.deb
        Size/MD5 checksum:  1076836 1ec7e1d1d2539ed4277c35bef096ae8b
      http://security.debian.org/pool/updates/main/g/git-core/git-email_1.5.6.5-3+lenny3_all.deb
        Size/MD5 checksum:   229326 aaf22d02fe5ac00a424be096dd8c1f80
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny3_alpha.deb
        Size/MD5 checksum:  3808760 24030074496a4a25e448baf21aae4450
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny3_amd64.deb
        Size/MD5 checksum:  3419522 190a16cd10d5591706e79d15831d6bfa
    
    arm architecture (ARM)
    
      http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny3_arm.deb
        Size/MD5 checksum:  3045458 8bebf2cf789fcba33a1d0dfc8d259f6b
    
    armel architecture (ARM EABI)
    
      http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny3_armel.deb
        Size/MD5 checksum:  3068324 11e7a4ad3c4cd6c91b58d79536fdc282
    
    hppa architecture (HP PA RISC)
    
      http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny3_hppa.deb
        Size/MD5 checksum:  3162798 fb850a0f8b458cc8ef68b7a98c25d269
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny3_i386.deb
        Size/MD5 checksum:  3139856 a19a17b97f8028298fe0bf0cc77fa139
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny3_ia64.deb
        Size/MD5 checksum:  4759214 30d6cc0cd9c19adc03e84ea6f4e0fa1d
    
    mips architecture (MIPS (Big Endian))
    
      http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny3_mips.deb
        Size/MD5 checksum:  3409214 7a4aa4251c5e8b9ece35b76fec637e68
    
    mipsel architecture (MIPS (Little Endian))
    
      http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny3_mipsel.deb
        Size/MD5 checksum:  3420712 1218f69d04d4b19bd06dbc8878aef769
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny3_powerpc.deb
        Size/MD5 checksum:  3473328 4fadd92d0f8554f29acb67e641cd355a
    
    s390 architecture (IBM S/390)
    
      http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny3_s390.deb
        Size/MD5 checksum:  3411332 0daeff8bd1b44a86c16d46572d51a43f
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny3_sparc.deb
        Size/MD5 checksum:  3069038 3ba2810657f07949ac284274f1356973
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and http://packages.debian.org/
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"4","type":"x","order":"1","pct":57.14,"resources":[]},{"id":"88","title":"Should be more technical","votes":"2","type":"x","order":"2","pct":28.57,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"1","type":"x","order":"3","pct":14.29,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.