Debian: DSA-3435-1: git security update
Debian: DSA-3435-1: git security update
Blake Burkhart discovered that the Git git-remote-ext helper incorrectly handled recursive clones of git repositories. A remote attacker could possibly use this issue to execute arbitary code by injecting commands via crafted URLs.
- ------------------------------------------------------------------------- Debian Security Advisory DSA-3435-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Laszlo Boszormenyi (GCS) January 05, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : git CVE ID : CVE-2015-7545 Blake Burkhart discovered that the Git git-remote-ext helper incorrectly handled recursive clones of git repositories. A remote attacker could possibly use this issue to execute arbitary code by injecting commands via crafted URLs. For the oldstable distribution (wheezy), this problem has been fixed in version 1:1.7.10.4-1+wheezy2. For the stable distribution (jessie), this problem has been fixed in version 1:2.1.4-2.1+deb8u1. For the testing distribution (stretch), this problem has been fixed in version 1:2.6.1-1. For the unstable distribution (sid), this problem has been fixed in version 1:2.6.1-1. We recommend that you upgrade your git packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.