[Bug 1856979] Re: GIT 2.x vulnerabilities
Eduardo dos Santos Barretto
1856979 at bugs.launchpad.net
Thu Dec 19 16:18:22 UTC 2019
Actually marking it as Fixed Released.
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to git in Ubuntu.
https://bugs.launchpad.net/bugs/1856979
Title:
GIT 2.x vulnerabilities
Status in git package in Ubuntu:
Fix Released
Bug description:
git 2.X is affected by System access, Manipulation of data, Security Bypass vulnerabilities:
CVE‑2019‑1350 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1350> , CVE‑2019‑1351 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1351> , CVE‑2019‑1354 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1354> , CVE‑2019‑1348 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1348> , CVE‑2019‑1352 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1352> , CVE‑2019‑1349 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1349> , CVE‑2019‑19604 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19604> , CVE‑2019‑1387 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1387> , CVE‑2019‑1353 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1353>
Multiple vulnerabilities have been reported in GIT, which can be
exploited by malicious people to manipulate certain data, bypass
certain security restrictions, and compromise a vulnerable system.
Solution: Update to version 2.14.6, 2.15.4, 2.16.6, 2.17.3, 2.18.2,
2.19.3, 2.20.2, 2.21.1, 2.22.2, 2.23.1, or 2.24.1.
Current version in Ubuntu 18: 2.17.1.
References: https://groups.google.com/forum/#!msg/git-
packagers/AWRBO_5gqa4/67s1tN4SAwAJ
Please take appropriate measures.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/git/+bug/1856979/+subscriptions
More information about the foundations-bugs
mailing list