[SECURITY] [DLA 1068-1] git security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1068-1] git security update
From: Markus Koschany <apo@debian.org>
Date: Sun, 27 Aug 2017 20:18:39 +0200
Message-id: <[🔎] 8f9c4ecf-0b3b-12bd-e2d4-bbb709001698@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : git
Version        : 1:1.7.10.4-1+wheezy5
CVE ID         : CVE-2017-1000117

Joern Schneeweisz discovered that git, a distributed revision control
system, did not correctly handle maliciously constructed ssh://
URLs. This allowed an attacker to run an arbitrary shell command, for
instance via git submodules.

For Debian 7 "Wheezy", these problems have been fixed in version
1:1.7.10.4-1+wheezy5.

We recommend that you upgrade your git packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlmjDP9fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeShBg//YIfTQM+xVBASAvLFXUixCy7NcZZda4fNCRzEAXzyXFP9tG3fn6lDdc1o
iQYuWB5D+euBRQi6e1qLzsnNavEhMSLJaMTbJjkEaZCFjz4Eptz5rpdFxv0sFXeL
CqK2rcjp9xrW/jM/wFvLKdC1jryqu5K+XGJ+l398S/fBvEdCsYog0f/XEQ+DTZOp
HdMKWD5knMRE0TUyWxGnsG08NOgFN0ioH63VfWJQIj6s2TMm9WVe79W3EdWKhR+N
PM/90IfpoyYMIL3RMSbTmePGLwYONxyvrqeoMjzctQuCEekAivEpW1+sxr7dsHbj
+Sxmqjcxm6BaN0az3m6iG3/OQD8Bc6SZjXdPzRS/vrq1wEnwvGpgicF4LkrK2pSd
NAywkFwbP8GawrGCJur6dApGDviuA8hR6Gt+HiT/7smaTAARyq2ATM33CDaU9R3+
TEQQ61VO6c4tU3wL2u7YyZXfsF7J9s9/kDeisMARPldqiSp0EKElj+efQAluNXIb
d4IPujG5XXMalTbW9AhMl0fcVob1rtesj4vpCDi+LVK6HEEUqsNCXi8lhSSiDPYM
Asz7Opc89JUozOBrPGjoqQk9DK6iI+f7TmQYkJaTNccl4waGI6Cj0Lwy4CelWUUW
76PT9wDjNj2Fegj79rA8bO95PqVpGK+xKThQUc5EiQpcUV+/S9s=
=dXCi
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1067-1] augeas security update
Next by Date: [SECURITY] [DLA 1069-1] tenshi security update
Previous by thread: [SECURITY] [DLA 1067-1] augeas security update
Next by thread: [SECURITY] [DLA 1069-1] tenshi security update
Index(es):
- Date
- Thread