[Bug 1719740] Re: [CVE] Git cvsserver OS Command Injection

2017-10-05 Thread Launchpad Bug Tracker
This bug was fixed in the package git - 1:2.11.0-2ubuntu0.3

---
git (1:2.11.0-2ubuntu0.3) zesty-security; urgency=high

  * SECURITY UPDATE: Git cvsserver OS Command Injection (LP: #1719740)
    - shell-drop-git-cvsserver-support-by-default.diff
    - cvsserver-use-safe_pipe_capture.diff
    - cvsimport-shell-quote-variable-used-in-backticks.diff
    - archimport-use-safe_pipe_capture-for-user-input.diff
    - CVE-2017-14867

 -- Simon Quigley   Tue, 03 Oct 2017 13:02:47 -0500

** Changed in: git (Ubuntu Zesty)
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1719740

Title:
  [CVE] Git cvsserver OS Command Injection

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/git/+bug/1719740/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1719740] Re: [CVE] Git cvsserver OS Command Injection

2017-10-05 Thread Launchpad Bug Tracker
This bug was fixed in the package git - 1:2.7.4-0ubuntu1.3

---
git (1:2.7.4-0ubuntu1.3) xenial-security; urgency=high

  * SECURITY UPDATE: Git cvsserver OS Command Injection (LP: #1719740)
    - shell-drop-git-cvsserver-support-by-default.diff
    - cvsserver-use-safe_pipe_capture.diff
    - cvsimport-shell-quote-variable-used-in-backticks.diff
    - archimport-use-safe_pipe_capture-for-user-input.diff
    - CVE-2017-14867

 -- Simon Quigley   Tue, 03 Oct 2017 13:14:37 -0500

** Changed in: git (Ubuntu Xenial)
   Status: In Progress => Fix Released

[Bug 1719740] Re: [CVE] Git cvsserver OS Command Injection

2017-10-05 Thread Launchpad Bug Tracker
This bug was fixed in the package git - 1:1.9.1-1ubuntu0.7

---
git (1:1.9.1-1ubuntu0.7) trusty-security; urgency=high

  * SECURITY UPDATE: Git cvsserver OS Command Injection (LP: #1719740)
    - shell-drop-git-cvsserver-support-by-default.diff
    - cvsserver-use-safe_pipe_capture.diff
    - cvsimport-shell-quote-variable-used-in-backticks.diff
    - archimport-use-safe_pipe_capture-for-user-input.diff
    - CVE-2017-14867

 -- Simon Quigley   Tue, 03 Oct 2017 13:20:58 -0500

** Changed in: git (Ubuntu Trusty)
   Status: In Progress => Fix Released

[Bug 1719740] Re: [CVE] Git cvsserver OS Command Injection

2017-10-04 Thread Launchpad Bug Tracker
This bug was fixed in the package git - 1:2.14.1-1ubuntu4

---
git (1:2.14.1-1ubuntu4) artful; urgency=high

  * SECURITY UPDATE: Git cvsserver OS Command Injection (LP: #1719740)
    - shell-drop-git-cvsserver-support-by-default.diff
    - cvsserver-use-safe_pipe_capture.diff
    - cvsimport-shell-quote-variable-used-in-backticks.diff
    - archimport-use-safe_pipe_capture-for-user-input.diff
    - CVE-2017-14867

 -- Simon Quigley   Tue, 26 Sep 2017 19:11:26 -0500

** Changed in: git (Ubuntu Artful)
   Status: Fix Committed => Fix Released

[Bug 1719740] Re: [CVE] Git cvsserver OS Command Injection

2017-10-04 Thread Marc Deslauriers
ACK on the zesty debdiff, thanks!

[Bug 1719740] Re: [CVE] Git cvsserver OS Command Injection

2017-10-03 Thread Simon Quigley
Attached is a debdiff for Zesty applicable to 1:2.11.0-2ubuntu0.2. I
tested it in a LXD container and it works as intended with no apparent
regressions.

** Patch added: "1-2.11.0-2ubuntu0.3.debdiff"
   https://bugs.launchpad.net/ubuntu/+source/git/+bug/1719740/+attachment/4961735/+files/1-2.11.0-2ubuntu0.3.debdiff

[Bug 1719740] Re: [CVE] Git cvsserver OS Command Injection

2017-10-03 Thread Simon Quigley
** Changed in: git (Ubuntu Artful)
   Status: In Progress => Fix Committed

[Bug 1719740] Re: [CVE] Git cvsserver OS Command Injection

2017-10-03 Thread Marc Deslauriers
OK, as pointed out on irc, commit
31add46823fe926e85efbfeab865e366018b33b4 does contain the three others.

Looks good, thanks!

Uploading now.

[Bug 1719740] Re: [CVE] Git cvsserver OS Command Injection

2017-10-03 Thread Marc Deslauriers
Hi Simon,

I think you're missing a few commits. Here is the list of commits Debian
has added:

http://repo.or.cz/git/debian.git/commit/ad86ba2e77a442db38510bcc5e5283872df49d88

Also, you don't need to change the patch headers, just leave the
original git commit headers there.

Thanks!

[Bug 1719740] Re: [CVE] Git cvsserver OS Command Injection

2017-09-28 Thread Simon Quigley
** Summary changed:

- [DSA 3984-1] Git cvsserver OS Command Injection
+ [CVE] Git cvsserver OS Command Injection
