Your message dated Mon, 25 Aug 2008 10:17:09 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#494097: fixed in git-core 1:1.5.6.5-1
has caused the Debian Bug report #494097,
regarding git-core: stack-based buffer overflow in git-diff and git-grep
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
494097: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494097
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Source: git-core
Severity: grave
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for git-core.
| Some vulnerabilities have been reported in GIT, which can potentially be
| exploited by malicious people to compromise a user's system.
|
| The vulnerabilities are caused due to boundary errors in various functions when
| processing overly long repository pathnames. These can be exploited to cause
| stack-based buffer overflows by tricking a user into running e.g. "git-diff" or
| "git-grep" against a repository containing pathnames that are larger than the
| "PATH_MAX" value on the user's system.
|
| Successful exploitation may allow execution of arbitrary code.
In this case there is no CVE id yet. I will add the CVE id to the bug report
when I get it. Please make sure to add it in the changelog when fixing the bug
then.
You can find the upstream patch on:
http://kerneltrap.org/mailarchive/git/2008/7/16/2529284
For further information see:
[0] http://secunia.com/advisories/31347/
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
--- End Message ---
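The bug class described in the advisory above, as an added example (not part of the original messages and not git's code): a path built component by component can outgrow a `char path[PATH_MAX]` buffer even when every single component is short, so each append has to be length-checked. `append_component` and `walk_nested` are hypothetical names, and the nested directory input is constructed.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

#ifndef PATH_MAX
#define PATH_MAX 4096   /* fallback for systems that do not define it */
#endif

/* Unsafe pattern for this bug class (generic illustration, comment only):
 *     char path[PATH_MAX]; memcpy(path + baselen, name, namelen + 1);  */

/* Hypothetical helper: append "/name" to buf (current length *len,
 * capacity cap). Returns 0 on success, -1 if it would not fit; on
 * failure buf and *len are left unchanged. */
int append_component(char *buf, size_t cap, size_t *len, const char *name)
{
    size_t namelen = strlen(name);
    size_t sep = (*len > 0) ? 1 : 0;

    /* Room is needed for the separator, the name and the final NUL. */
    if (namelen + sep + 1 > cap - *len)
        return -1;
    if (sep)
        buf[(*len)++] = '/';
    memcpy(buf + *len, name, namelen + 1);
    *len += namelen;
    return 0;
}

/* Constructed input: descend `depth` levels of directories whose name is
 * `complen` bytes long. Returns how many levels fit before the bounded
 * append refused, or -1 if complen is too large for this demo. */
int walk_nested(size_t complen, int depth)
{
    char path[PATH_MAX], name[256];
    size_t len = 0;
    int i;

    if (complen >= sizeof(name)) return -1;
    memset(name, 'a', complen);
    name[complen] = '\0';
    for (i = 0; i < depth; i++)
        if (append_component(path, sizeof(path), &len, name) < 0)
            break;   /* a real tool would report the path and skip it */
    return i;
}

int main(void)
{
    printf("levels that fit in PATH_MAX: %d\n", walk_nested(200, 100));
    return 0;
}
```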
--- Begin Message ---
Source: git-core
Source-Version: 1:1.5.6.5-1
We believe that the bug you reported is fixed in the latest version of
git-core, which is due to be installed in the Debian FTP archive:
git-arch_1.5.6.5-1_all.deb
to pool/main/g/git-core/git-arch_1.5.6.5-1_all.deb
git-core_1.5.6.5-1.diff.gz
to pool/main/g/git-core/git-core_1.5.6.5-1.diff.gz
git-core_1.5.6.5-1.dsc
to pool/main/g/git-core/git-core_1.5.6.5-1.dsc
git-core_1.5.6.5.orig.tar.gz
to pool/main/g/git-core/git-core_1.5.6.5.orig.tar.gz
git-cvs_1.5.6.5-1_all.deb
to pool/main/g/git-core/git-cvs_1.5.6.5-1_all.deb
git-daemon-run_1.5.6.5-1_all.deb
to pool/main/g/git-core/git-daemon-run_1.5.6.5-1_all.deb
git-doc_1.5.6.5-1_all.deb
to pool/main/g/git-core/git-doc_1.5.6.5-1_all.deb
git-email_1.5.6.5-1_all.deb
to pool/main/g/git-core/git-email_1.5.6.5-1_all.deb
git-gui_1.5.6.5-1_all.deb
to pool/main/g/git-core/git-gui_1.5.6.5-1_all.deb
git-svn_1.5.6.5-1_all.deb
to pool/main/g/git-core/git-svn_1.5.6.5-1_all.deb
gitk_1.5.6.5-1_all.deb
to pool/main/g/git-core/gitk_1.5.6.5-1_all.deb
gitweb_1.5.6.5-1_all.deb
to pool/main/g/git-core/gitweb_1.5.6.5-1_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Gerrit Pape <[EMAIL PROTECTED]> (supplier of updated git-core package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 24 Aug 2008 19:22:02 +0000
Source: git-core
Binary: git-core git-doc git-arch git-cvs git-svn git-email git-daemon-run git-gui gitk gitweb
Architecture: all source
Version: 1:1.5.6.5-1
Distribution: unstable
Urgency: high
Maintainer: Gerrit Pape <[EMAIL PROTECTED]>
Changed-By: Gerrit Pape <[EMAIL PROTECTED]>
Description:
git-arch - fast, scalable, distributed revision control system (arch interop
git-core - fast, scalable, distributed revision control system
git-cvs - fast, scalable, distributed revision control system (cvs interope
git-daemon-run - fast, scalable, distributed revision control system (git-daemon s
git-doc - fast, scalable, distributed revision control system (documentatio
git-email - fast, scalable, distributed revision control system (email add-on
git-gui - fast, scalable, distributed revision control system (GUI)
git-svn - fast, scalable, distributed revision control system (svn interope
gitk - fast, scalable, distributed revision control system (revision tre
gitweb - fast, scalable, distributed revision control system (web interfac
Closes: 494097
Changes:
git-core (1:1.5.6.5-1) unstable; urgency=high
.
* new upstream point release.
* Fix buffer overflow in prepare_attr_stack; Fix buffer overflow
in git diff; Fix buffer overflow in git-grep (CVE-2008-3546;
closes: #494097).
* debian/diff/0005-bug-494097-CVE-2008-3546.diff: remove; obsolete.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFIscOyGJoyQbxwpv8RAjgmAJ9wDR2bhxvPtqSmGmvqBlCFkJNY0QCfbhno
1gQOh3vWeurtXm41dg5be3k=
=vwMt
-----END PGP SIGNATURE-----
--- End Message ---