Summary: | <dev-vcs/git-{2.13.5, 2.14.1}: command injection via ssh url | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Hanno Böck <hanno> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | arthur, gentoo.2019, gentoo, hlein, polynomial-c, robbat2 |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://marc.info/?l=git&m=150238802328673&w=2 | ||
Whiteboard: | B2 [glsa cve] | ||
Package list: |
=dev-vcs/git-2.13.5
|
Runtime testing required: | No |
Description
Hanno Böck
2017-08-10 20:26:01 UTC
Arches, please test & stablize dev-vcs/git-2.13.5 (already in the tree prior to this bug). Stable on amd64. (In reply to Tobias Klausmann from comment #2) > Stable on amd64. Bullshit. Stable on alpha. ia64 stable ppc/ppc64 stable amd64 stable x86 stable arm stable sparc stable (thanks to Dakon) hppa stable (thanks to Dakon) Last arch is done here. @maintainer(s), please clean-up tree, thank you! Daj Uan (jmbailey/mbailey_j) Gentoo Security Padawan New GLSA Request filed. Maintainer(s), please drop the vulnerable version(s). This issue was resolved and addressed in GLSA 201709-10 at https://security.gentoo.org/glsa/201709-10 by GLSA coordinator Aaron Bauman (b-man). Reopened for cleanup. @maintainers, please clean the vulnerable versions. Maintainer(s), please drop the vulnerable version(s). dev-vcs/git-(2.13.0,2.13.3,2.13.4) dev-vcs/git-(2.14.0,2.14.0-r1) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5fc034c016555ddaa8c84902f2e2c0b9c335185c commit 5fc034c016555ddaa8c84902f2e2c0b9c335185c Author: Robin H. Johnson <robbat2@gentoo.org> AuthorDate: 2017-10-02 03:16:33 +0000 Commit: Robin H. Johnson <robbat2@gentoo.org> CommitDate: 2017-10-02 03:16:36 +0000 dev-vcs/git: cleanup old ebuilds. Bug: https://bugs.gentoo.org/show_bug.cgi?id=627488#c17 Package-Manager: Portage-2.3.8, Repoman-2.3.3 dev-vcs/git/Manifest | 12 - dev-vcs/git/git-2.13.0.ebuild | 677 -------------------------------------- dev-vcs/git/git-2.13.3.ebuild | 680 -------------------------------------- dev-vcs/git/git-2.13.4.ebuild | 680 -------------------------------------- dev-vcs/git/git-2.14.0-r1.ebuild | 691 --------------------------------------- dev-vcs/git/git-2.14.0.ebuild | 680 -------------------------------------- 6 files changed, 3420 deletions(-)} |