Bug#818318: marked as done (git: CVE-2016-2324 and CVE-2016-2315 (currently unpublished) server and client RCE)

Debian Bug Tracking System Sat, 19 Mar 2016 14:36:45 -0700

Your message dated Sat, 19 Mar 2016 21:33:12 +0000
with message-id <e1ahoui-00006d...@franck.debian.org>
and subject line Bug#818318: fixed in git 1:1.7.10.4-1+wheezy3
has caused the Debian Bug report #818318,
regarding git: CVE-2016-2324 and CVE-2016-2315 (currently unpublished) server 
and client RCE
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
818318: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818318
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: git
Version: 1:2.7.0-1
Severity: grave
Tags: upstream security
Justification: user security hole

Dear Maintainer,

This was just posted:

http://seclists.org/oss-sec/2016/q1/645

Please upload 2.7.1 ASAP.


-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'stable'), (300, 'unstable'), (200, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.3.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages git depends on:
ii  git-man                           1:2.7.0-1
ii  libc6                             2.21-9
ii  libcurl3-gnutls                   7.47.0-1
ii  liberror-perl                     0.17-1.2
ii  libexpat1                         2.1.0-7
ii  libpcre3                          2:8.38-3
ii  perl-modules-5.22 [perl-modules]  5.22.1-8
ii  zlib1g                            1:1.2.8.dfsg-2+b1

Versions of packages git recommends:
ii  less                         481-2.1
ii  openssh-client [ssh-client]  1:7.1p2-2
ii  patch                        2.7.5-1
ii  rsync                        3.1.1-3

Versions of packages git suggests:
ii  gettext-base         0.19.7-2
ii  git-arch             1:2.7.0-1
ii  git-cvs              1:2.7.0-1
ii  git-daemon-sysvinit  1:2.7.0-1
ii  git-doc              1:2.7.0-1
ii  git-el               1:2.7.0-1
ii  git-email            1:2.7.0-1
ii  git-gui              1:2.7.0-1
ii  git-mediawiki        1:2.7.0-1
ii  git-svn              1:2.7.0-1
ii  gitk                 1:2.7.0-1
ii  gitweb               1:2.7.0-1

-- no debconf information

--- End Message ---

--- Begin Message ---

Source: git
Source-Version: 1:1.7.10.4-1+wheezy3

We believe that the bug you reported is fixed in the latest version of
git, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 818...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated git package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 17 Mar 2016 21:48:34 +0100
Source: git
Binary: git git-man git-core git-doc git-arch git-cvs git-svn git-email 
git-daemon-run git-daemon-sysvinit git-gui gitk git-el gitweb git-all
Architecture: source amd64 all
Version: 1:1.7.10.4-1+wheezy3
Distribution: wheezy-security
Urgency: high
Maintainer: Gerrit Pape <p...@smarden.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Description: 
 git        - fast, scalable, distributed revision control system
 git-all    - fast, scalable, distributed revision control system (all subpacka
 git-arch   - fast, scalable, distributed revision control system (arch interop
 git-core   - fast, scalable, distributed revision control system (obsolete)
 git-cvs    - fast, scalable, distributed revision control system (cvs interope
 git-daemon-run - fast, scalable, distributed revision control system 
(git-daemon s
 git-daemon-sysvinit - fast, scalable, distributed revision control system 
(git-daemon s
 git-doc    - fast, scalable, distributed revision control system (documentatio
 git-el     - fast, scalable, distributed revision control system (emacs suppor
 git-email  - fast, scalable, distributed revision control system (email add-on
 git-gui    - fast, scalable, distributed revision control system (GUI)
 git-man    - fast, scalable, distributed revision control system (manual pages
 git-svn    - fast, scalable, distributed revision control system (svn interope
 gitk       - fast, scalable, distributed revision control system (revision tre
 gitweb     - fast, scalable, distributed revision control system (web interfac
Closes: 818318
Changes: 
 git (1:1.7.10.4-1+wheezy3) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix remote code execution via buffer overflows (CVE-2016-2315,
     CVE-2016-2324) (Closes: #818318)
Checksums-Sha1: 
 33788d8aa5cdb3580320548039ca2d916ca6e9b7 2633 git_1.7.10.4-1+wheezy3.dsc
 e7586bfcc0e59136607fa6c5180305b4f0d67a48 517892 git_1.7.10.4-1+wheezy3.diff.gz
 e3a02b37e4ce951002c6b62cdcb7184591e623e8 6688270 
git_1.7.10.4-1+wheezy3_amd64.deb
 4a9ec4ad79ea65387661a1e23c18519ce1d9c22c 2270342 
git-doc_1.7.10.4-1+wheezy3_all.deb
 ea777649577a586a1cb04f216e19bef554474354 464662 
git-arch_1.7.10.4-1+wheezy3_all.deb
 c8606caba8c128ea63c0116c203214ca9a375358 533274 
git-cvs_1.7.10.4-1+wheezy3_all.deb
 43a5f881ceb315d676071a3bc1389a4edc9a7cc3 520548 
git-svn_1.7.10.4-1+wheezy3_all.deb
 b61d5271eb018dc381efa386320c54272a1343ef 451460 
git-daemon-run_1.7.10.4-1+wheezy3_all.deb
 f8ea660afbdd8dab495a94ccb6ae118b3b95cada 452702 
git-daemon-sysvinit_1.7.10.4-1+wheezy3_all.deb
 d2a45af0a2b90c3a2c30b19f94ec7a6c32046fe0 470014 
git-email_1.7.10.4-1+wheezy3_all.deb
 45a45d5f2bdf6a22ca813f56da126161fef7bd45 728944 
git-gui_1.7.10.4-1+wheezy3_all.deb
 9de328311e1c13c07ef65bfbaa9ec1bea8290c2e 578638 gitk_1.7.10.4-1+wheezy3_all.deb
 caa65c0766ae19d509fbfd2e94b556a3a694354c 453990 
gitweb_1.7.10.4-1+wheezy3_all.deb
 cf18b2cc0b6b46cee2ddc9f9971dce3ca2799662 449602 
git-all_1.7.10.4-1+wheezy3_all.deb
 5c6b71bfd6948fe5fe54163e9a5d4f2f2921985d 1342 
git-core_1.7.10.4-1+wheezy3_all.deb
 68ddde77d41fa2641ba285441d63b91b1872edfe 472650 
git-el_1.7.10.4-1+wheezy3_all.deb
 f3c1e75e2ce16ec5fb39c698636c2ce228ed56e9 1074930 
git-man_1.7.10.4-1+wheezy3_all.deb
Checksums-Sha256: 
 98acd10098b85387ec4dbe8c680f220023d627cbf17950133ddb5d15820508ee 2633 
git_1.7.10.4-1+wheezy3.dsc
 7e116fd683aa6780e03f269c3ffbb33c0feeceeac467b07826481b73a2cd7096 517892 
git_1.7.10.4-1+wheezy3.diff.gz
 0fcb6ba7fe301375ab7c5e3d4d177e3e13c10311b227ffecbda84bd72ef725e3 6688270 
git_1.7.10.4-1+wheezy3_amd64.deb
 f838e4fe3c132401943652e441e3702cc0eca7be245b78184ff65e12be4770af 2270342 
git-doc_1.7.10.4-1+wheezy3_all.deb
 27b5e0b1675e362551db86a44a379d70db612372d9f92392e620c067c2ac82dc 464662 
git-arch_1.7.10.4-1+wheezy3_all.deb
 143ac0a2863779e198ea47855360fc368533b68ed257e7513821b38e8382e8b9 533274 
git-cvs_1.7.10.4-1+wheezy3_all.deb
 be725c83e6e868153e0d1ded558f41d1d5eb3329c903b3de83e30bf986cb6f87 520548 
git-svn_1.7.10.4-1+wheezy3_all.deb
 2c6e8d27505700a905f3752728f3d03643f8c3d29a0e8481199f6efc61b2e033 451460 
git-daemon-run_1.7.10.4-1+wheezy3_all.deb
 b8dd24c012dd886d67ccf1b38a00289784a8a91b8dee3e35d32b41cf6fe98471 452702 
git-daemon-sysvinit_1.7.10.4-1+wheezy3_all.deb
 cc6582de22968aa5a24ac5abf3255e2f63547e7dc66da5eb281c9edcf54fc608 470014 
git-email_1.7.10.4-1+wheezy3_all.deb
 3030d78bad2694c9111ea25a83994fc7edc0b0f06926c772d4b29ea2d48b1a74 728944 
git-gui_1.7.10.4-1+wheezy3_all.deb
 230c21e389f86226e4e3fd80a22ee903bbaa83b4121568b583b44f5f447016aa 578638 
gitk_1.7.10.4-1+wheezy3_all.deb
 4c0f15ad8068a91c3b1b5a5489c3a9ca8d28bdee3908575adebfeba678b7b417 453990 
gitweb_1.7.10.4-1+wheezy3_all.deb
 3b468c789b5e67ec856e5bda089a03241d2b54612143acd918c8c6e4c8b7f1bf 449602 
git-all_1.7.10.4-1+wheezy3_all.deb
 902cce33a97abee4b4fcf7be2b170a25f64d83a94dde48d0299cade74681fe3b 1342 
git-core_1.7.10.4-1+wheezy3_all.deb
 750f773046164bea7a040beb58ed220a537273f456a6f9676e47407a23a512c6 472650 
git-el_1.7.10.4-1+wheezy3_all.deb
 f77339c426a60223f3b28afcded3cdf1827cf1bf46b22a3bb3d370bee2a96bec 1074930 
git-man_1.7.10.4-1+wheezy3_all.deb
Files: 
 6e8ac2a8775bfc09dbd9eea521123347 2633 vcs optional git_1.7.10.4-1+wheezy3.dsc
 62a78d51b9b4b85978b1e5a3f3410bf6 517892 vcs optional 
git_1.7.10.4-1+wheezy3.diff.gz
 4644fefc807d02fd131ac6efc4eced68 6688270 vcs optional 
git_1.7.10.4-1+wheezy3_amd64.deb
 08d777dd55a57fa59b2647bfb43ca5d1 2270342 doc optional 
git-doc_1.7.10.4-1+wheezy3_all.deb
 1d2b195dcbf7a22026f7e0406bd6a55d 464662 vcs optional 
git-arch_1.7.10.4-1+wheezy3_all.deb
 56f3c74b652f08a34f275d3b653af80f 533274 vcs optional 
git-cvs_1.7.10.4-1+wheezy3_all.deb
 052158651e12d4f5a982291a743fb703 520548 vcs optional 
git-svn_1.7.10.4-1+wheezy3_all.deb
 d16d12bcdc45f61e7b989ef35486fb01 451460 vcs optional 
git-daemon-run_1.7.10.4-1+wheezy3_all.deb
 d95c9b0f444c8df132752156d604dc0a 452702 vcs extra 
git-daemon-sysvinit_1.7.10.4-1+wheezy3_all.deb
 d57e10355ea0aede5ca1eba3e5738dfa 470014 vcs optional 
git-email_1.7.10.4-1+wheezy3_all.deb
 711036100523ac537db2d6569f8277c9 728944 vcs optional 
git-gui_1.7.10.4-1+wheezy3_all.deb
 31594cb385fa040d29ef1ba88bbd0cfb 578638 vcs optional 
gitk_1.7.10.4-1+wheezy3_all.deb
 469f110f6de2557816bfbf12e16a0362 453990 vcs optional 
gitweb_1.7.10.4-1+wheezy3_all.deb
 017e44320940d350ee87488cd7b4af09 449602 vcs optional 
git-all_1.7.10.4-1+wheezy3_all.deb
 4c6ce41b988e09b787dc325e1997913b 1342 vcs optional 
git-core_1.7.10.4-1+wheezy3_all.deb
 605f84fc7787af97362f231ca7eaeb41 472650 vcs optional 
git-el_1.7.10.4-1+wheezy3_all.deb
 95cd8fe21e469685c854005059d1f35e 1074930 doc optional 
git-man_1.7.10.4-1+wheezy3_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJW7U1YAAoJEAVMuPMTQ89E/vMP+gMO59lmBrNCKLIX/9jxgNYh
1IfvINGsulIQ7XLXsJwH1+9FgIF4ATiDtmnfIV/OoTEG3ZSuPA4vmx8tg0AUwRY9
rgR+GhFcT6opL0WixQOo8sy4jMvMZMGaCflFA7gQjL0KnsXDkwHI2pv8TqpVdS1S
APhGGIK12KU5v1MdfLoysqWj5wt0lDa6zFjQfn+qP6Dv0Ka5bTNf5/sJn9STxBQE
R4dO+r2tgaEQhlikHZeATH35IckedREf37+5tayHHXz3M5utRHugvjEFmABfG10Y
+3T/Hy2Cy27ab7XUn35LYp3MbfKthHCd50PIjlDOHcgIY6iiXB2GOg57YqX2HlPr
AIn66WidfbyxOE2xPKZeTodXoshi72TkGLjHvvp/RuF9esJmfNabd7t23f1MiQgs
ex3e+wX0byUtNz5gmAzeyz6TbU2tSB9BGs5gPxAp/LRE1nGTWzKJ7DIndZ/lhbjZ
OEJgYweLWBn5AQfG2T8sZdT30PDQDwv+rBoJjUo8bI/R/l3e3oqAUQ8gk6Ad5E/O
P9bf8gbpvK+KqVe3aI7+8iUddMpPSPPYw0wVoaRQobwvjdlRQYUi4+sRsFjlmFPg
ZBmXet1cly69CxfZTKIuXNzkawUBxZ8q5QJwlCzMooXgWTjmsYERlhLjJDEwmyhu
QtF73l4MfR68XaSmeaay
=PBGP
-----END PGP SIGNATURE-----

--- End Message ---

Bug#818318: marked as done (git: CVE-2016-2324 and CVE-2016-2315 (currently unpublished) server and client RCE)

Reply via email to