Control: retitle -1 git: CVE-2016-2324 and CVE-2016-2315 (currently unpublished) server and client RCE
Hi,

On Wed, Mar 16, 2016 at 12:22:59PM +0100, Salvatore Bonaccorso wrote:
> Then there is CVE-2016-2324. AFAICT, this is fixed by the path_name
> removal, in
> https://github.com/git/git/commit/9831e92bfa833ee9c0ce464bbc2f941ae6c2698d
> (v2.8.0-rc0). So this is *not* in any 2.7.x. According to the CVE
> assignment, CVE-2016-2324 is for 'Related ... is integer overflow due
> to a loop which adds more to "len"'. See:
>
> http://www.openwall.com/lists/oss-security/2016/03/16/2

For reference as well the confirmation in
http://www.openwall.com/lists/oss-security/2016/03/16/9

Regards,
Salvatore