git (1:2.7.4-0ubuntu1.5) xenial-security; urgency=medium
* SECURITY UPDATE: arbitrary code execution via submodule URLs and
paths in .gitsubmodules.
- 0001-submodule-helper-use-to-signal-end-of-clone-options.patch,
0002-submodule-config-ban-submodule-urls-that-start-with-.patch,
0003-submodule-config-ban-submodule-paths-that-start-with.patch:
disallow urls and files that begin with '--'.
- 0004-fsck-detect-submodule-urls-starting-with-dash.patch,
0005-fsck-detect-submodule-paths-starting-with-dash.patch:
reject gitmodules that contain submdule urls and files that begin
with '--'.
- CVE-2018-17456
* SECURITY UPDATE: incomplete fix for CVE-2017-14867
- 0006-cvsimport-apply-shell-quoting-regex-globally.patch: escape
all instances of backticks
Date: 2018-10-11 01:42:12.842911+00:00
Changed-By: Steve Beattie <sbeat...@ubuntu.com>
Signed-By: Ubuntu Archive Robot
<cjwatson+ubuntu-archive-ro...@chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/git/1:2.7.4-0ubuntu1.5
Sorry, changesfile not available.
--
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/xenial-changes
