[Bug 1557787] Re: client/server RCEs in path_name()
Launchpad Bug Tracker
1557787 at bugs.launchpad.net
Mon Mar 21 18:43:14 UTC 2016
This bug was fixed in the package git - 1:1.7.9.5-1ubuntu0.3
---------------
git (1:1.7.9.5-1ubuntu0.3) precise-security; urgency=medium

  * SECURITY UPDATE: Fix denial of service or possible arbitrary remote code
    execution (LP: #1557787)
    - debian/diff/0023-CVE-2016-2315.patch: Be explicit about the amount of
      memory being copied
    - CVE-2016-2315
  * SECURITY UPDATE: Fix denial of service or possible arbitrary remote code
    execution
    - debian/diff/0024-CVE-2016-2324.patch: Use the correct type and maximum
      size checks when calculating string lengths to prevent integer overflow
    - CVE-2016-2324

 -- Tyler Hicks <tyhicks at canonical.com>  Mon, 21 Mar 2016 09:44:42 -0500

** Changed in: git (Ubuntu Precise)
       Status: Confirmed => Fix Released
https://bugs.launchpad.net/bugs/1557787
Title:
  client/server RCEs in path_name()

Status in git package in Ubuntu:
  Triaged
Status in git source package in Precise:
  Fix Released
Status in git source package in Trusty:
  Fix Released
Status in git source package in Wily:
  Fix Released
Status in git package in Debian:
  Fix Released

Bug description:
  http://seclists.org/oss-sec/2016/q1/645
  http://seclists.org/oss-sec/2016/q1/646

  Fixed in 2.7.4 (contains backported removal of path_name from
  2.8.0rc0)