Bug#818318: marked as done (git: CVE-2016-2324 and CVE-2016-2315 (currently unpublished) server and client RCE)

Debian Bug Tracking System Sat, 19 Mar 2016 14:45:41 -0700

Your message dated Sat, 19 Mar 2016 21:32:08 +0000
with message-id <e1ahotg-000089...@franck.debian.org>
and subject line Bug#818318: fixed in git 1:2.1.4-2.1+deb8u2
has caused the Debian Bug report #818318,
regarding git: CVE-2016-2324 and CVE-2016-2315 (currently unpublished) server 
and client RCE
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
818318: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818318
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: git
Version: 1:2.7.0-1
Severity: grave
Tags: upstream security
Justification: user security hole

Dear Maintainer,

This was just posted:

http://seclists.org/oss-sec/2016/q1/645

Please upload 2.7.1 ASAP.


-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'stable'), (300, 'unstable'), (200, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.3.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages git depends on:
ii  git-man                           1:2.7.0-1
ii  libc6                             2.21-9
ii  libcurl3-gnutls                   7.47.0-1
ii  liberror-perl                     0.17-1.2
ii  libexpat1                         2.1.0-7
ii  libpcre3                          2:8.38-3
ii  perl-modules-5.22 [perl-modules]  5.22.1-8
ii  zlib1g                            1:1.2.8.dfsg-2+b1

Versions of packages git recommends:
ii  less                         481-2.1
ii  openssh-client [ssh-client]  1:7.1p2-2
ii  patch                        2.7.5-1
ii  rsync                        3.1.1-3

Versions of packages git suggests:
ii  gettext-base         0.19.7-2
ii  git-arch             1:2.7.0-1
ii  git-cvs              1:2.7.0-1
ii  git-daemon-sysvinit  1:2.7.0-1
ii  git-doc              1:2.7.0-1
ii  git-el               1:2.7.0-1
ii  git-email            1:2.7.0-1
ii  git-gui              1:2.7.0-1
ii  git-mediawiki        1:2.7.0-1
ii  git-svn              1:2.7.0-1
ii  gitk                 1:2.7.0-1
ii  gitweb               1:2.7.0-1

-- no debconf information

--- End Message ---

--- Begin Message ---

Source: git
Source-Version: 1:2.1.4-2.1+deb8u2

We believe that the bug you reported is fixed in the latest version of
git, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 818...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated git package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 18 Mar 2016 06:20:38 +0100
Source: git
Binary: git git-man git-core git-doc git-arch git-cvs git-svn git-mediawiki 
git-email git-daemon-run git-daemon-sysvinit git-gui gitk git-el gitweb git-all
Architecture: all source
Version: 1:2.1.4-2.1+deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: Gerrit Pape <p...@smarden.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 818318
Description: 
 git        - fast, scalable, distributed revision control system
 git-all    - fast, scalable, distributed revision control system (all subpacka
 git-arch   - fast, scalable, distributed revision control system (arch interop
 git-core   - fast, scalable, distributed revision control system (obsolete)
 git-cvs    - fast, scalable, distributed revision control system (cvs interope
 git-daemon-run - fast, scalable, distributed revision control system 
(git-daemon s
 git-daemon-sysvinit - fast, scalable, distributed revision control system 
(git-daemon s
 git-doc    - fast, scalable, distributed revision control system (documentatio
 git-el     - fast, scalable, distributed revision control system (emacs suppor
 git-email  - fast, scalable, distributed revision control system (email add-on
 git-gui    - fast, scalable, distributed revision control system (GUI)
 git-man    - fast, scalable, distributed revision control system (manual pages
 git-mediawiki - fast, scalable, distributed revision control system (MediaWiki 
in
 git-svn    - fast, scalable, distributed revision control system (svn interope
 gitk       - fast, scalable, distributed revision control system (revision tre
 gitweb     - fast, scalable, distributed revision control system (web interfac
Changes:
 git (1:2.1.4-2.1+deb8u2) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix remote code execution via buffer overflows (CVE-2016-2315,
     CVE-2016-2324) (Closes: #818318)
Checksums-Sha1: 
 eff45ecb2d97753aba7ffe0574b09c8f81ab1895 2803 git_2.1.4-2.1+deb8u2.dsc
 fcb169a47ceb312389a144978bfed9b0cf4b9e3b 472524 
git_2.1.4-2.1+deb8u2.debian.tar.xz
 775e3dadeabf80d6c6341d9ccf55600896c21352 1406222 
git-doc_2.1.4-2.1+deb8u2_all.deb
 bf9b0384e1b534e74657851d01720fbf30288904 589128 
git-arch_2.1.4-2.1+deb8u2_all.deb
 40c1b4ec0a2a3ab1b3c8d27def12da86225b59a2 638064 
git-cvs_2.1.4-2.1+deb8u2_all.deb
 323c7a13a4db4cd0c4855722044c3513bbbecba3 661778 
git-svn_2.1.4-2.1+deb8u2_all.deb
 44306913475eed02b0a2308c65ebdfef76393057 591450 
git-mediawiki_2.1.4-2.1+deb8u2_all.deb
 4262ecc4ff55803cc0efa10dd94485f5a9b7ac17 577496 
git-daemon-run_2.1.4-2.1+deb8u2_all.deb
 49825c9113d25f0014c27ff7b0f500880e6ddb5e 578448 
git-daemon-sysvinit_2.1.4-2.1+deb8u2_all.deb
 cf6b270ef66bf75472419219548730e4c212e4f8 595460 
git-email_2.1.4-2.1+deb8u2_all.deb
 235db8710daf435df48c89ad62a3bededde4ff21 766830 
git-gui_2.1.4-2.1+deb8u2_all.deb
 09e32a4ab7cb27d8fac2782ddf6cac27cb572638 695608 gitk_2.1.4-2.1+deb8u2_all.deb
 e952e959b6b105733c162fc290335372e5ab9c14 580228 gitweb_2.1.4-2.1+deb8u2_all.deb
 42038dc83dd67e70e57f47141cc1c15cacb9b240 575774 
git-all_2.1.4-2.1+deb8u2_all.deb
 e6f944a5614e1b7a99bc73f300d663536a1a52ed 595552 git-el_2.1.4-2.1+deb8u2_all.deb
 df1c3c3ce00bb585a60bf02efe29c210ace8103d 1267340 
git-man_2.1.4-2.1+deb8u2_all.deb
 c811ef7304a6b6879e07ca48c025623418e0a821 1496 git-core_2.1.4-2.1+deb8u2_all.deb
Checksums-Sha256: 
 acc2cf0a4b5099336e57fae72ae9fdfbcf1fdd083ef824364a17a2d6e22e722d 2803 
git_2.1.4-2.1+deb8u2.dsc
 392c84599070db4550bdcab86709d083cd9d8543d1358a0fed9b272ec60c9d0c 472524 
git_2.1.4-2.1+deb8u2.debian.tar.xz
 bc8de536f004bb568469e43a11d438e3475d3aafe870d46f4729b2ae155f64de 1406222 
git-doc_2.1.4-2.1+deb8u2_all.deb
 758e3d803c273842f2eb99b9bcf77aca8ad7ce3c7db35ed57ace14f6d213e5ad 589128 
git-arch_2.1.4-2.1+deb8u2_all.deb
 d88bce7473b16a3e49d38b838c10f735e271acc97f9560efb8684ae8bee5ce33 638064 
git-cvs_2.1.4-2.1+deb8u2_all.deb
 f978103f70fa302c2eea1c20ca069bcfd51435e80f9e19e1551db2d98154bc5c 661778 
git-svn_2.1.4-2.1+deb8u2_all.deb
 1ed44cffc4062bae1e5426173c2cd304861cb10f9eda08bfbeb0410f81bd18b6 591450 
git-mediawiki_2.1.4-2.1+deb8u2_all.deb
 10bedde9ff98fc875b7a2fd9657879cece2fa0369a745c1368b299aaf62455b7 577496 
git-daemon-run_2.1.4-2.1+deb8u2_all.deb
 da0f2325ea14bb33d071406d87096075a094e6e02b118349b4c442c22566bb45 578448 
git-daemon-sysvinit_2.1.4-2.1+deb8u2_all.deb
 93bc515bee7c00af860bade61b3a0f29196b6306c3d00c835bd1c6253ab04002 595460 
git-email_2.1.4-2.1+deb8u2_all.deb
 efba50280eab274da553705476d497367a6bb40d69dc374489b4e5befb56dcd4 766830 
git-gui_2.1.4-2.1+deb8u2_all.deb
 a48d7833091679bc650ee4a93749091b93dcbd7466fc5f7b6518bfdf32a6faa0 695608 
gitk_2.1.4-2.1+deb8u2_all.deb
 93ff164ecc8f0971ec788f2d44b8424624e03208a0e5f06de6b3d537e0389c1e 580228 
gitweb_2.1.4-2.1+deb8u2_all.deb
 be003d41036363869724922276b310952f3c1be705b02f55def7dad96d46246d 575774 
git-all_2.1.4-2.1+deb8u2_all.deb
 52aeca866ffbb1c1a6df9de68c3ca8bddff446cc0ca135485b7251b77f28c5a2 595552 
git-el_2.1.4-2.1+deb8u2_all.deb
 b4fd6bce179acff4c9a7c267720c57e1c9ca6132bfb01be842809849efc1d233 1267340 
git-man_2.1.4-2.1+deb8u2_all.deb
 74c363ff600c21816fdfcd7b8676e6a37af439b18ed2607f3b6eaf30500cfdb2 1496 
git-core_2.1.4-2.1+deb8u2_all.deb
Files: 
 18032ee7c867d06e94debf8f946845e7 2803 vcs optional git_2.1.4-2.1+deb8u2.dsc
 afc275e6db5636874f3da6e1ab1291a3 472524 vcs optional 
git_2.1.4-2.1+deb8u2.debian.tar.xz
 4ee8c73a99254a7564e9ad71ba3dc1f2 1406222 doc optional 
git-doc_2.1.4-2.1+deb8u2_all.deb
 f9876c665fab954acc452e932fcacf57 589128 vcs optional 
git-arch_2.1.4-2.1+deb8u2_all.deb
 868470d6b70bb1e1bedd8bccf300631e 638064 vcs optional 
git-cvs_2.1.4-2.1+deb8u2_all.deb
 3e6c48db6d6b65089d5f8109e977b44c 661778 vcs optional 
git-svn_2.1.4-2.1+deb8u2_all.deb
 8edca675c254e46e1abff6eaae3f04d6 591450 vcs optional 
git-mediawiki_2.1.4-2.1+deb8u2_all.deb
 cb8f118b4ef5e7e09c15ff13b89c9f94 577496 vcs optional 
git-daemon-run_2.1.4-2.1+deb8u2_all.deb
 4a751e070477a3d042eb8031205225d0 578448 vcs extra 
git-daemon-sysvinit_2.1.4-2.1+deb8u2_all.deb
 fe477274c5366f6acc7627d9ef4b3db0 595460 vcs optional 
git-email_2.1.4-2.1+deb8u2_all.deb
 ad91bfec1565378d921bd809ef176af3 766830 vcs optional 
git-gui_2.1.4-2.1+deb8u2_all.deb
 1c951db87d36838cfd8e13a70f7d14ec 695608 vcs optional 
gitk_2.1.4-2.1+deb8u2_all.deb
 51275b495cedadd18c25ededcfa28f13 580228 vcs optional 
gitweb_2.1.4-2.1+deb8u2_all.deb
 a273d49eb491a27f2a94a86366d15607 575774 vcs optional 
git-all_2.1.4-2.1+deb8u2_all.deb
 538ba7057df6c9fefbc03ce624aa4c87 595552 vcs optional 
git-el_2.1.4-2.1+deb8u2_all.deb
 df48e7520ae3c4e3571711d51272996a 1267340 doc optional 
git-man_2.1.4-2.1+deb8u2_all.deb
 eb0555fcaa5099945e0bbdbfbed7eaa6 1496 vcs optional 
git-core_2.1.4-2.1+deb8u2_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJW7VLnAAoJEAVMuPMTQ89ED4sP/25uIiVdIFH2IOwNOc3Px7gY
2q/xhkOL8jxBxE8iPyaP8CW3KqvkKm2fqGEodpWwvlWmHwMkem0jrG1BRkiYEqx3
fnffZSh+ME68i3ARA1F4HatrHx5iYWWAPXbqgPmGsxKwtgmBG0c+SPmxC10OX4Jf
35C/hzsh/yL/Ze2sGgAcsw7EbDlcALXVQbFbuImLLTpvhyFrTQwVAzExDfhPjy01
ImFJi0aoZYIPbjw8VuEoleGFhMDsmspsuYWpjWfGxTKdlJKkFmxHQs9O7CEzyfaw
t965MMpGJ1yds5K6LGufV7azEjgfWf+XhCTrSICrW2Oxz85vh36xV219w7FvInGb
/eBHu6Xxvb4w9KkOFj+UqmftJ8DTtZZj1gUg52APCo28NfKxF/NtTG4f5CSAsGJZ
mdZuOHhVO9pIiwXOyxBtNOGg8t3Ndw2VwOWfRDMMrElW9RaipEWcqavASj05z5Zb
PeaywU0hjYuTDt/98FVXV/kgwMz4A3z6jzGaNvKNMdc6owom44OqVcJr94dfZYfy
oA8hPQoRUHVJTeYVoO8dvlIrdx8n4VcQycwRvJSNaYwtYxqpUYENJUHhDtWcpLVd
c+5z837R3p3gqWCgME0mpSWYWXR1dxMpS1LzL59UOp7qyfbhhSkt1MqXBBMBqRa1
YaGx/g4pRCza2M2+t/yE
=h6Xb
-----END PGP SIGNATURE-----

--- End Message ---

Bug#818318: marked as done (git: CVE-2016-2324 and CVE-2016-2315 (currently unpublished) server and client RCE)

Reply via email to