
Bug 335891 (CVE-2010-2542)

Summary: <dev-vcs/git-1.7.2.2: Stack-based buffer overflow (CVE-2010-2542)
Product: Gentoo Security
Reporter: Stefan Behte (RETIRED) <craig>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: prometheanfire, ricmm, robbat2
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://bugzilla.redhat.com/show_bug.cgi?id=618108
Whiteboard: B2 [glsa]
Package list:
Runtime testing required: ---

Description Stefan Behte (RETIRED) gentoo-dev Security 2010-09-03 21:29:26 UTC
CVE-2010-2542 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2542):
  Stack-based buffer overflow in the is_git_directory function in
  setup.c in Git before 1.7.2.1 allows local users to gain privileges
  via a long gitdir: field in a .git file in a working copy.
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2010-09-03 21:30:09 UTC
Can 1.7.2.2 go stable?
Comment 2 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2010-09-05 08:47:29 UTC
+1 on stable.
Comment 3 Stefan Behte (RETIRED) gentoo-dev Security 2010-09-05 23:38:57 UTC
Arches, please test and mark stable:
=dev-vcs/git-1.7.2.2
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
Comment 4 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2010-09-06 04:02:46 UTC
x86 stable
Comment 5 Markos Chandras (RETIRED) gentoo-dev 2010-09-06 13:50:59 UTC
amd64 done
Comment 6 Brent Baude (RETIRED) gentoo-dev 2010-09-06 20:16:32 UTC
ppc64 done
Comment 7 Jeroen Roovers gentoo-dev 2010-09-07 15:54:01 UTC
Stable for PPC.
Comment 8 Jeroen Roovers gentoo-dev 2010-09-07 16:03:00 UTC
Please remove the blocker if this isn't relevant enough to stop stabilisation.
Comment 9 Tobias Klausmann gentoo-dev 2010-09-10 12:33:11 UTC
Stable on alpha.
Comment 10 Jeroen Roovers gentoo-dev 2010-09-10 15:59:08 UTC
Stable for HPPA.
Comment 11 Raúl Porcel (RETIRED) gentoo-dev 2010-09-11 15:14:28 UTC
arm/ia64/s390/sh/sparc stable
Comment 12 Tim Sammut (RETIRED) gentoo-dev 2010-11-19 07:05:35 UTC
GLSA request filed.
Comment 13 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2010-12-19 03:01:36 UTC
Removing the HPPA blocker bug as it's general to HPPA, and has not blocked stabilization.
Comment 14 GLSAMaker/CVETool Bot gentoo-dev 2014-01-10 13:59:22 UTC
This issue was resolved and addressed in
 GLSA 201401-06 at http://security.gentoo.org/glsa/glsa-201401-06.xml
by GLSA coordinator Sergey Popov (pinkbyte).