[Bug 1710016] [NEW] Please update Git to get the fix to CVE-2017-1000117
Jonathan Nieder
jrnieder at gmail.com
Thu Aug 10 21:19:26 UTC 2017
*** This bug is a security vulnerability ***
Public security bug reported:
A security bugfix was released today to Git: https://public-
inbox.org/git/xmqqh8xf482j.fsf at gitster.mtv.corp.google.com/T/#u.
Without it, cloning an attacker-controlled ssh:// URL (either directly
or indirectly via submodules) leads to arbitrary code execution.
** Affects: git (Ubuntu)
Importance: Undecided
Status: New
** Information type changed from Private Security to Public Security
** CVE added: https://cve.mitre.org/cgi-
bin/cvename.cgi?name=2017-1000117
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to git in Ubuntu.
https://bugs.launchpad.net/bugs/1710016
Title:
Please update Git to get the fix to CVE-2017-1000117
Status in git package in Ubuntu:
New
Bug description:
A security bugfix was released today to Git: https://public-
inbox.org/git/xmqqh8xf482j.fsf at gitster.mtv.corp.google.com/T/#u.
Without it, cloning an attacker-controlled ssh:// URL (either directly
or indirectly via submodules) leads to arbitrary code execution.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/git/+bug/1710016/+subscriptions
More information about the foundations-bugs
mailing list