UbuntuUpdates.org

Package "git"

Name: git

Description:

This package is just an umbrella for a group of other packages; it has no description.
Description samples from packages in group:

  • fast, scalable, distributed revision control system (all subpackages)
  • fast, scalable, distributed revision control system (arch interoperability)
  • fast, scalable, distributed revision control system (cvs interoperability)
  • fast, scalable, distributed revision control system (git-daemon service)

Latest version: 1:1.7.9.5-1ubuntu0.3
Release: precise (12.04)
Level: updates
Repository: universe

Other versions of "git" in Precise

Repository Area Version
base universe 1:1.7.9.5-1
base main 1:1.7.9.5-1
security universe 1:1.7.9.5-1ubuntu0.3
security main 1:1.7.9.5-1ubuntu0.3
updates main 1:1.7.9.5-1ubuntu0.3

Changelog

Version: 1:1.7.9.5-1ubuntu0.3 2016-03-21 21:06:43 UTC

  git (1:1.7.9.5-1ubuntu0.3) precise-security; urgency=medium

  * SECURITY UPDATE: Fix denial of service or possible arbitrary remote code
    execution (LP: #1557787)
    - debian/diff/0023-CVE-2016-2315.patch: Be explicit about the amount of
      memory being copied
    - CVE-2016-2315
  * SECURITY UPDATE: Fix denial of service or possible arbitrary remote code
    execution
    - debian/diff/0024-CVE-2016-2324.patch: Use the correct type and maximum
      size checks when calculating string lengths to prevent integer overflow
    - CVE-2016-2324

 -- Tyler Hicks <email address hidden> Mon, 21 Mar 2016 09:44:42 -0500

Source diff to previous version
1557787 client/server RCEs in path_name()
CVE-2016-2315 "int" is the wrong data type for ... nlen assignment
CVE-2016-2324 integer overflow due to a loop which adds more to "len"

Version: 1:1.7.9.5-1ubuntu0.2 2015-12-15 21:06:52 UTC

  git (1:1.7.9.5-1ubuntu0.2) precise-security; urgency=medium

  * SECURITY UPDATE: arbitrary code execution issues via URLs
    - debian/diff/0016-CVE-2015-7545-backport1.patch: add function
      string_list_append_nodup().
    - debian/diff/0017-CVE-2015-7545-backport2.patch: add two new functions
      for splitting strings.
    - debian/diff/0018-CVE-2015-7545-1.patch: add a protocol-whitelist
      environment variable.
    - debian/diff/0019-CVE-2015-7545-2.patch: allow only certain protocols
      for submodule fetches.
    - debian/diff/0020-CVE-2015-7545-3.patch: refactor protocol whitelist
      code.
    - debian/diff/0021-CVE-2015-7545-4.patch: limit redirection to
      protocol-whitelist.
    - debian/diff/0022-CVE-2015-7545-5.patch: limit redirection depth.
    - debian/rules: make new tests executable.
    - CVE-2015-7545

 -- Marc Deslauriers Fri, 11 Dec 2015 15:01:50 -0500

Source diff to previous version
CVE-2015-7545 arbitrary code execution issues via URLs

Version: 1:1.7.9.5-1ubuntu0.1 2015-01-14 01:06:28 UTC

  git (1:1.7.9.5-1ubuntu0.1) precise-security; urgency=medium

  * SECURITY UPDATE: Add protections against malicious git commits that
    overwrite git metadata on HFS+ and NTFS filesystems. Some of the
    protections are enabled by default but the majority require git config
    options to be enabled. Set the core.protectHFS and/or core.protectNTFS git
    config variables to "true" if you use HFS+ and/or NTFS filesystems when
    pulling from untrusted git trees. Set the core.protectHFS,
    core.protectNTFS, and receive.fsckObjects git config variables to "true"
    if you host git trees and want to prevent malicious git commits from being
    pushed to your server. (LP: #1404035)
    - debian/diff/0015-CVE-2014-9390.diff: Check for potentially malicious
      paths in git commits. Based on upstream patches.
    - debian/rules: Set executable bit on a new test introduced in
      0015-CVE-2014-9390.diff
    - CVE-2014-9390

 -- Tyler Hicks <email address hidden> Tue, 13 Jan 2015 12:42:19 -0600

CVE-2014-9390 arbitrary command execution vulnerability on case-insensitive file systems


