** Changed in: git (Ubuntu)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1774061
Title:
git: CVE-2018-11235 arbitary code execution via submodule names
Jan: It’s not special. As a rule, stable releases almost never get
version bumps outside of a handful of prominent packages that can’t be
supported securely any other way (e.g. Firefox). Instead, individual
security patches are backported.
https://wiki.ubuntu.com/StableReleaseUpdates
git 2.7.4-0
Is there a special reason why git does not get updated to 2.17.1 for
xenial?
--
** Changed in: git (Ubuntu)
Status: Fix Released => Fix Committed
--
2.17.1-1ubuntu1 hasn’t migrated from cosmic-proposed, so this should
still be Fix Committed, not Fix Released.
--
This bug was fixed in the package git - 1:2.14.1-1ubuntu4.1
---
git (1:2.14.1-1ubuntu4.1) artful-security; urgency=medium
* SECURITY UPDATE: arbitrary code execution via
submodule names in .gitsubmodules.
- 0001-submodule-config-verify-submodule-names-as-paths.patch
- 01
This bug was fixed in the package git - 1:1.9.1-1ubuntu0.8
---
git (1:1.9.1-1ubuntu0.8) trusty-security; urgency=medium
* SECURITY UPDATE: arbitrary code execution via
submodule names in .gitsubmodules.
- 0005-submodule-config-verify-submodule-names-as-paths.patch
- 0018
This bug was fixed in the package git - 1:2.7.4-0ubuntu1.4
---
git (1:2.7.4-0ubuntu1.4) xenial-security; urgency=medium
* SECURITY UPDATE: arbitrary code execution via
submodule names in .gitsubmodules.
- 0014-fsck-simplify-.git-check.patch
- 0015-fsck-actually-fsck-blob
This bug was fixed in the package git - 1:2.17.1-1ubuntu0.1
---
git (1:2.17.1-1ubuntu0.1) bionic-security; urgency=low
* SECURITY UPDATE: arbitrary code execution via submodule names
in .gitsubmodules.
- CVE-2018-11235
* SECURITY UPDATE: out-of-bounds memory when sanity-ch
OK found it:
http://launchpadlibrarian.net/372600366/git_1%3A2.17.0-1ubuntu1_1%3A2.17.1-1ubuntu1.diff.gz
--
Is there a git diff available for the change?
--
As Seth said, I have now made packages for trusty through bionic
available in the Ubuntu Security Proposed PPA:
https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages . They are
awaiting testing, so please do not use them on data you care about;
however, testing feedback fro
On Sat, Jun 02, 2018 at 01:22:36AM -, Anders Kaseorg wrote:
> It looks like the fix is currently in cosmic-proposed.
> https://launchpad.net/ubuntu/+source/git/1:2.17.1-1ubuntu1
The -proposed pocket in the development release is not intended for
human consumption: anything and everything gets
It looks like the fix is currently in cosmic-proposed.
https://launchpad.net/ubuntu/+source/git/1:2.17.1-1ubuntu1
** Changed in: git (Ubuntu)
Status: Confirmed => Fix Committed
--
There are CI systems for which the workaround can't be used. Do you have
a patch timeline?
--
Um, why hasn't Ubuntu released fixes yet? Ubuntu is usually much better
about getting security fixes out quickly. What's the hold-up here?
--
Workaround: add stable repo from git-scm to get a fixed version
$ add-apt-repository ppa:git-core/ppa
$ apt update
$ apt install git
(from https://git-scm.com/download/linux )
--
The Ubuntu repo still provides the outdated git version 2.7.4.
This could be checked by running:
$ sudo apt-get update
$ sudo apt-cache policy git
This should be fixed with high priority.
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-11233
--
Added CVE-2018-11233 because git before 2.13.7 is affected by that bug
as well.
--
DSA-4212-1
https://www.debian.org/security/2018/dsa-4212
--
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-11235
--
** Summary changed:
- git: CVE 2018-11235 arbitary code execution via submodule names in
.gitmodules
+ git: CVE-2018-11235 arbitary code execution via submodule names in
.gitmodules
--
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: git (Ubuntu)
Status: New => Confirmed