Debian Security Advisory

DSA-1637-1 git-core -- buffer overflow

Date Reported:
15 Sep 2008
Affected Packages:
Security database references:
In the Debian bugtracking system: Bug 494097.
In Mitre's CVE dictionary: CVE-2008-3546.
More information:

Multiple vulnerabilities have been identified in git-core, the core of the git distributed revision control system. Improper path length limitations in git's diff and grep functions, in combination with maliciously crafted repositories or changes, could enable a stack buffer overflow and potentially the execution of arbitrary code.

The Common Vulnerabilities and Exposures project identifies this vulnerability as CVE-2008-3546.
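The class of defect described above, shown as an added illustration that is not git's code and not part of the original advisory: a path assembled from repository-supplied names in a fixed `PATH_MAX` stack buffer, first without a length check and then with one. The function names and the constructed overlong file name are hypothetical.

```c
#include <errno.h>
#include <limits.h>
#include <string.h>

#ifndef PATH_MAX
#define PATH_MAX 4096
#endif

/* UNSAFE, for contrast only (never called): assumes dir + "/" + name fits
 * in PATH_MAX bytes; a longer name overruns the caller's stack buffer. */
void join_path_unchecked(char out[PATH_MAX], const char *dir, const char *name)
{
    strcpy(out, dir);
    strcat(out, "/");
    strcat(out, name);
}

/* Hardened: refuse the join unless dir + '/' + name + NUL fits in outsz.
 * The comparisons are ordered so the size arithmetic cannot wrap. */
int join_path_checked(char *out, size_t outsz, const char *dir, const char *name)
{
    size_t dlen = strlen(dir), nlen = strlen(name);
    if (outsz < 2 || dlen > outsz - 2 || nlen > outsz - 2 - dlen) {
        errno = ENAMETOOLONG;
        return -1;
    }
    memcpy(out, dir, dlen);
    out[dlen] = '/';
    memcpy(out + dlen + 1, name, nlen + 1); /* copies the NUL too */
    return 0;
}

/* Constructed input: a file name longer than PATH_MAX, standing in for an
 * entry from an untrusted repository. Returns the checked join's result. */
int join_overlong_name(void)
{
    static char name[PATH_MAX + 100];
    char path[PATH_MAX];
    memset(name, 'a', sizeof(name) - 1);
    name[sizeof(name) - 1] = '\0';
    return join_path_checked(path, sizeof(path), "src", name);
}

int main(void)
{
    return join_overlong_name() == -1 ? 0 : 1;
}
```
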

For the stable distribution (etch), this problem has been fixed in version

For the unstable distribution (sid), this problem has been fixed in version

We recommend that you upgrade your git-core packages.

Fixed in:

Debian GNU/Linux 4.0 (etch)

Architecture-independent component:
HP Precision:
Intel IA-32:
Intel IA-64:
Big-endian MIPS:
Little-endian MIPS:
IBM S/390:
Sun Sparc:

MD5 checksums of the listed files are available in the original advisory.