Package "git"
Name: git
Description: This package is just an umbrella for a group of other packages, it has no description. Description samples from packages in group:
- fast, scalable, distributed revision control system (all subpackages)
- fast, scalable, distributed revision control system (arch interoperability)
- fast, scalable, distributed revision control system (cvs interoperability)
- fast, scalable, distributed revision control system (git-daemon service)
Latest version: 1:1.7.9.5-1ubuntu0.3
Release: precise (12.04)
Level: updates
Repository: universe
Changelog
git (1:1.7.9.5-1ubuntu0.3) precise-security; urgency=medium

  * SECURITY UPDATE: Fix denial of service or possible arbitrary remote code
    execution (LP: #1557787)
    - debian/diff/0023-CVE-2016-2315.patch: Be explicit about the amount of
      memory being copied
    - CVE-2016-2315
  * SECURITY UPDATE: Fix denial of service or possible arbitrary remote code
    execution
    - debian/diff/0024-CVE-2016-2324.patch: Use the correct type and maximum
      size checks when calculating string lengths to prevent integer overflow
    - CVE-2016-2324

 -- Tyler Hicks <email address hidden> Mon, 21 Mar 2016 09:44:42 -0500

1557787: client/server RCEs in path_name()
CVE-2016-2315: "int" is the wrong data type for ... nlen assignment
CVE-2016-2324: integer overflow due to a loop which adds more to "len"

git (1:1.7.9.5-1ubuntu0.2) precise-security; urgency=medium

  * SECURITY UPDATE: arbitrary code execution issues via URLs
    - debian/diff/0016-CVE-2015-7545-backport1.patch: add function
      string_list_append_nodup().
    - debian/diff/0017-CVE-2015-7545-backport2.patch: add two new functions
      for splitting strings.
    - debian/diff/0018-CVE-2015-7545-1.patch: add a protocol-whitelist
      environment variable.
    - debian/diff/0019-CVE-2015-7545-2.patch: allow only certain protocols
      for submodule fetches.
    - debian/diff/0020-CVE-2015-7545-3.patch: refactor protocol whitelist
      code.
    - debian/diff/0021-CVE-2015-7545-4.patch: limit redirection to
      protocol-whitelist.
    - debian/diff/0022-CVE-2015-7545-5.patch: limit redirection depth.
    - debian/rules: make new tests executable.
    - CVE-2015-7545

 -- Marc Deslauriers Fri, 11 Dec 2015 15:01:50 -0500
git (1:1.7.9.5-1ubuntu0.1) precise-security; urgency=medium

  * SECURITY UPDATE: Add protections against malicious git commits that
    overwrite git metadata on HFS+ and NTFS filesystems. Some of the
    protections are enabled by default but the majority require git config
    options to be enabled. Set the core.protectHFS and/or core.protectNTFS git
    config variables to "true" if you use HFS+ and/or NTFS filesystems when
    pulling from untrusted git trees. Set the core.protectHFS,
    core.protectNTFS, and receive.fsckObjects git config variables to "true"
    if you host git trees and want to prevent malicious git commits from being
    pushed to your server. (LP: #1404035)
    - debian/diff/0015-CVE-2014-9390.diff: Check for potentially malicious
      paths in git commits. Based on upstream patches.
    - debian/rules: Set executable bit on a new test introduced in
      0015-CVE-2014-9390.diff
    - CVE-2014-9390

 -- Tyler Hicks <email address hidden> Tue, 13 Jan 2015 12:42:19 -0600

CVE-2014-9390: arbitrary command execution vulnerability on case-insensitive file systems