UbuntuUpdates.org

Package "git"

Name: git

Description:

fast, scalable, distributed revision control system

Latest version: 1:2.17.1-1ubuntu0.3
Release: bionic (18.04)
Level: security
Repository: main
Homepage: https://git-scm.com/

Links

Save this URL for the latest version of "git": https://www.ubuntuupdates.org/git


Download "git"


Other versions of "git" in Bionic

Repository Area Version
base main 1:2.17.0-1ubuntu1
base universe 1:2.17.0-1ubuntu1
security universe 1:2.17.1-1ubuntu0.3
updates universe 1:2.17.1-1ubuntu0.3
updates main 1:2.17.1-1ubuntu0.3

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1:2.17.1-1ubuntu0.3 2018-10-12 02:06:26 UTC

  git (1:2.17.1-1ubuntu0.3) bionic-security; urgency=medium

  * SECURITY UPDATE: arbitrary code execution via submodule URLs and
    paths in .gitsubmodules.
    - 0001-submodule-helper-use-to-signal-end-of-clone-options.patch,
      0002-submodule-config-ban-submodule-urls-that-start-with-.patch,
      0003-submodule-config-ban-submodule-paths-that-start-with.patch:
      disallow urls and files that begin with '--'.
    - 0004-fsck-detect-submodule-urls-starting-with-dash.patch,
      0005-fsck-detect-submodule-paths-starting-with-dash.patch:
      reject gitmodules that contain submdule urls and files that begin
      with '--'.
    - CVE-2018-17456

Source diff to previous version
CVE-2018-17456 Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote cod

Version: 1:2.17.1-1ubuntu0.1 2018-06-05 22:07:20 UTC

  git (1:2.17.1-1ubuntu0.1) bionic-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via submodule names
    in .gitsubmodules.
    - CVE-2018-11235
  * SECURITY UPDATE: out-of-bounds memory when sanity-checking
    pathnames on NTFS
    - CVE-2018-11233
  * Merge from Debian (LP: #1774061). Remaining changes:
    - debian/control: build against pcre v3 only
    - debian/rules: s390x libpcre3 library has JIT disabled, set
      NO_LIBPCRE1_JIT on that arch to stop the build from failing.

1774061 git: CVE-2018-11235 arbitary code execution via submodule names in .gitmodules
CVE-2018-11235 In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. Wi
CVE-2018-11233 In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on N



About   -   Send Feedback to @ubuntu_updates