blob: 62b50b3aba7e09bdc11387626467de5c9c539f92 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
|
<define-tag description>buffer overflow</define-tag>
<define-tag moreinfo>
<p>The Debian stable point release 5.0.6 included updated packages of
the Git revision control system in order to fix a security issue.
Unfortunately, the update introduced a regression which could make
it impossible to clone or create Git repositories. This upgrade
fixes this regression, which is tracked as
<a href="https://bugs.debian.org/595728">Debian bug #595728</a>.</p>
<p>The original security issue allowed an attacker to execute arbitrary
code if he could trick a local user to execute a git command in a
crafted working directory (<a href="http://security-tracker.debian.org/tracker/CVE-2010-2542">CVE-2010-2542</a>).</p>
<p>For the stable distribution (lenny), this problem has been fixed in
version 1.5.6.5-3+lenny3.2.</p>
<p>The packages for the hppa architecture are not included in this
advisory. However, the hppa architecture is not known to be affected
by the regression.</p>
<p>For the testing distribution (squeeze) and the unstable distribution
(sid), the security issue has been fixed in version 1.7.1-1.1. These
distributions were not affected by the regression.</p>
<p>We recommend that you upgrade your git-core packages.</p>
</define-tag>
# do not modify the following line
#include "$(ENGLISHDIR)/security/2010/dsa-2114.data"
# $Id$
|
