Hi What default shell was used? The default shell have impacted this kind of things before.
// Ola On 21 March 2017 at 13:37, Raphael Hertzog <hert...@debian.org> wrote: > Hello Chris, > > On Mon, 20 Mar 2017, Chris Lamb wrote: > > the Debian LTS team would like to fix the security issues which are > > currently open in the Wheezy version of git: > > https://security-tracker.debian.org/tracker/source-package/git > > > > Would you like to take care of this yourself? > > Did you check whether the package was affected? > > I tried to checkout https://github.com/njhartwell/pw3nage while having > bash-completion loaded and with a PS1 containing $(__git_ps1 2>/dev/null) > or $(__git_ps1 " (%s)") and was unable to get any code execution. > > I'm not sure when the vulnerability was introduced but it looks > like that 1.7.10.4-1+wheezy3 is not affected at least when using bash. > > Can someone else double check? > > For zsh, I'm not sure either. I tried to run it and to set PS1 as > documented: > PS1='[%n@%m %c$(__git_ps1 " (%s)")]\$ ' > > But here the $(...) part is not even replaced. > > Cheers, > -- > Raphaël Hertzog ◈ Debian Developer > > Support Debian LTS: https://www.freexian.com/services/debian-lts.html > Learn to master Debian: https://debian-handbook.info/get/ > > -- --- Inguza Technology AB --- MSc in Information Technology ---- / o...@inguza.com Folkebogatan 26 \ | o...@debian.org 654 68 KARLSTAD | | http://inguza.com/ Mobile: +46 (0)70-332 1551 | \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 / ---------------------------------------------------------------
