lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-Id: <E1d8LJc-0002tY-3W@master.debian.org> Date: Wed, 10 May 2017 06:41:40 +0000 From: Salvatore Bonaccorso <carnil@...ian.org> To: bugtraq@...urityfocus.com Subject: [SECURITY] [DSA 3848-1] git security update -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3848-1 security@...ian.org https://www.debian.org/security/ Salvatore Bonaccorso May 10, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : git CVE ID : CVE-2017-8386 Timo Schmid of ERNW GmbH discovered that the Git git-shell, a restricted login shell for Git-only SSH access, allows a user to run an interactive pager by causing it to spawn "git upload-pack --help". For the stable distribution (jessie), this problem has been fixed in version 1:2.1.4-2.1+deb8u3. For the unstable distribution (sid), this problem has been fixed in version 1:2.11.0-3. We recommend that you upgrade your git packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@...ts.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlkStdpfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0RsYRAAkFm3oiN6uogtd5ryYxmCckdqK8APCHK782WZ9zJldsPjEfOk9GP8wtJf XQqUeM+bjSrx5dnFys6GGpF8zTfqw8cpUkklVKVfGyLC8Tm9h2zwFJzakWrL2I50 4tMSF4Vnl/IQzjoem97hihFjK8hTrFsHza3dcaGiAqmO2YMkVT4C5yKoplvJC5d4 phu/S+ONe5RtgVtpORKc1s4+/cAmFgeZxTf4FiEv9+FwvrVJ6bAfoKMXVCWpYnni cEWP5elmzrAtvD6aBcEYuT8jrMDn9k471jbV/7pFEId3hZAl8yAx8xJYtGunLR32 rMLnO3PpE9p8xaRTm1o2Qx/jBWkppZ9+6iH6t4zgho4Dv5CwHpfn/3mMEzZa8r6T 1MSdZZoQpfVRXySEuo4uDR8EoVRnBJlOFCGuTDpYMhjgOFjHJYgEYWuJk/2y4PLa 9WPp1WBSi9rGWlDQmpIg24ChWMtrBMe3068sbaikbjWQVFpU5BkKp03UeHWcqGQu jVN9GNDsvUCsguBOakpKANvchcSCQT6xwdsrV4fllBoH64k0aO3gaqE9pfTbE/b7 XKWDOBPVhXB8yNYsTMv4P+r6ttJoPF15BRgPfHhhkR9y+KxZtunmzZcxlAR9nYV0 qdnsZqkVhF0tF4wOZuK04jYtfrw+1W/fVnrEvvKn2hRH3yQdKhM= =yU/e -----END PGP SIGNATURE-----
Powered by blists - more mailing lists