Summary: | <dev-vcs/git-{1.8.5.6,1.9.5,2.0.5} : arbitrary command execution in the client machine when cloning a malicious tree (CVE-2014-9390) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Andreas K. Hüttel <dilfridge> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | polynomial-c, robbat2 |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/blog/1938-vulnerability-announced-update-your-git-clients | ||
Whiteboard: | A2 [glsa cve] | ||
Package list: | Runtime testing required: | --- |
Description
Andreas K. Hüttel
2014-12-18 21:31:40 UTC
+*git-2.2.1 (18 Dec 2014) +*git-2.1.4 (18 Dec 2014) +*git-2.0.5 (18 Dec 2014) +*git-1.9.5 (18 Dec 2014) +*git-1.8.5.6 (18 Dec 2014) + + 18 Dec 2014; Lars Wendler <polynomial-c@gentoo.org> +git-1.8.5.6.ebuild, + -git-1.9.3.ebuild, +git-1.9.5.ebuild, +git-2.0.5.ebuild, -git-2.1.3.ebuild, + +git-2.1.4.ebuild, -git-2.2.0.ebuild, +git-2.2.1.ebuild, + -files/git-1.8.4-optional-cvs.patch: + Security bump (bug #532984). Removed old. +
Arches please test and mark stable the following versions:
=dev-vcs/git-1.8.5.6
=dev-vcs/git-1.9.5
=dev-vcs/git-2.0.5
Target KEYWORDS are: alpha amd64 arm ~arm64 hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris
amd64 stable
x86 stable
Stable for HPPA.
alpha stable
arm stable
ppc stable
ppc64 stable
ia64 stable
sparc stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
+ 26 Dec 2014; Lars Wendler <polynomial-c@gentoo.org> -git-1.8.3.2-r1.ebuild, + -git-1.8.5.5.ebuild, -git-2.0.4.ebuild, -files/git-1.8.2-optional-cvs.patch, + -files/git-daemon.initd: + Removed vulnerable versions. +
Arches and Maintainer(s), Thank you for your work. New GLSA Request filed.
This issue was resolved and addressed in GLSA 201509-06 at https://security.gentoo.org/glsa/201509-06 by GLSA coordinator Kristian Fiskerstrand (K_F).
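Review bot: The 18 Dec 2014 ChangeLog entry identifies the fix only as "Security bump (bug #532984)"; adding CVE-2014-9390 to that message would let someone auditing the tree match the bump to the advisory without opening the bug. In the 26 Dec 2014 entry, "Removed vulnerable versions." also covers -files/git-1.8.2-optional-cvs.patch and -files/git-daemon.initd, which are support files rather than versions, so the message should state why they were removed.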