UbuntuUpdates.org

Package "git-doc"

Name: git-doc

Description: fast, scalable, distributed revision control system (documentation)

Latest version: 1:1.9.1-1ubuntu0.10
Release: trusty (14.04)
Level: security
Repository: main
Head package: git
Homepage: http://git-scm.com/

Other versions of "git-doc" in Trusty

Repository Area Version
base main 1:1.9.1-1
updates main 1:1.9.1-1ubuntu0.10

Changelog

Version: 1:1.9.1-1ubuntu0.5 2017-05-15 14:06:19 UTC

  git (1:1.9.1-1ubuntu0.5) trusty-security; urgency=medium

  * SECURITY UPDATE: git shell restriction bypass
    - debian/patches/CVE-2017-8386.patch: disallow repo names beginning
      with dash in shell.c.
    - CVE-2017-8386

 -- Marc Deslauriers <email address hidden> Fri, 12 May 2017 09:32:41 -0400

Version: 1:1.9.1-1ubuntu0.4 2017-03-23 13:07:03 UTC

  git (1:1.9.1-1ubuntu0.4) trusty-security; urgency=medium

  * SECURITY UPDATE: code execution via command completion
    - debian/diff/0018-CVE-2014-9938.patch: don't put unsanitized branch
      names in $PS1 in contrib/completion/git-prompt.sh, added test to
      t/t9903-bash-prompt.sh.
    - CVE-2014-9938

 -- Marc Deslauriers <email address hidden> Wed, 22 Mar 2017 15:20:36 -0400

CVE-2014-9938 contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause cod

Version: 1:1.9.1-1ubuntu0.3 2016-03-21 19:06:38 UTC

  git (1:1.9.1-1ubuntu0.3) trusty-security; urgency=medium

  * SECURITY UPDATE: Fix denial of service or possible arbitrary remote code
    execution (LP: #1557787)
    - debian/diff/0016-CVE-2016-2315.patch: Be explicit about the amount of
      memory being copied
    - CVE-2016-2315
  * SECURITY UPDATE: Fix denial of service or possible arbitrary remote code
    execution
    - debian/diff/0017-CVE-2016-2324.patch: Use the correct type and maximum
      size checks when calculating string lengths to prevent integer overflow
    - CVE-2016-2324

 -- Tyler Hicks <email address hidden> Mon, 21 Mar 2016 09:44:28 -0500

1557787 client/server RCEs in path_name()
CVE-2016-2315 "int" is the wrong data type for ... nlen assignment
CVE-2016-2324 integer overflow due to a loop which adds more to "len"

Version: 1:1.9.1-1ubuntu0.2 2015-12-15 20:06:43 UTC

  git (1:1.9.1-1ubuntu0.2) trusty-security; urgency=medium

  * SECURITY UPDATE: arbitrary code execution issues via URLs
    - debian/diff/0011-CVE-2015-7545-1.patch: add a protocol-whitelist
      environment variable.
    - debian/diff/0012-CVE-2015-7545-2.patch: allow only certain protocols
      for submodule fetches.
    - debian/diff/0013-CVE-2015-7545-3.patch: refactor protocol whitelist
      code.
    - debian/diff/0014-CVE-2015-7545-4.patch: limit redirection to
      protocol-whitelist.
    - debian/diff/0015-CVE-2015-7545-5.patch: limit redirection depth.
    - debian/rules: make new tests executable.
    - CVE-2015-7545

 -- Marc Deslauriers Fri, 11 Dec 2015 14:35:05 -0500

CVE-2015-7545 arbitrary code execution issues via URLs

Version: 1:1.9.1-1ubuntu0.1 2015-01-14 01:06:28 UTC

  git (1:1.9.1-1ubuntu0.1) trusty-security; urgency=medium

  * SECURITY UPDATE: Add protections against malicious git commits that
    overwrite git metadata on HFS+ and NTFS filesystems. Some of the
    protections are enabled by default but the majority require git config
    options to be enabled. Set the core.protectHFS and/or core.protectNTFS git
    config variables to "true" if you use HFS+ and/or NTFS filesystems when
    pulling from untrusted git trees. Set the core.protectHFS,
    core.protectNTFS, and receive.fsckObjects git config variables to "true"
    if you host git trees and want to prevent malicious git commits from being
    pushed to your server. (LP: #1404035)
    - debian/diff/0010-CVE-2014-9390.diff: Check for potentially malicious
      paths in git commits. Based on upstream patches.
    - debian/rules: Set executable bit on a new test introduced in
      0010-CVE-2014-9390.diff
    - CVE-2014-9390

 -- Tyler Hicks <email address hidden> Tue, 13 Jan 2015 12:42:17 -0600

CVE-2014-9390 arbitrary command execution vulnerability on case-insensitive file systems


