*** This bug is a security vulnerability *** You have been subscribed to a public security bug by Marc Deslauriers (mdeslaur):
Binary package hint: git-core A fix for an exploitable buffer overrun (CVE-2010-2542, per [1]) was committed to git in [2]. In particular, if an attacker were to create a crafted working copy where the user runs any git command, the attacker could force execution of arbitrary code. This attack should be mitigated to a denial of service if git is compiled with appropriate stack-protecting flags, as I believe is the case on Ubuntu. This buffer overrun was introduced in [3], which first appeared in v1.5.6, and is fixed in v1.7.2. Greg [1] http://seclists.org/oss-sec/2010/q3/93 [2] http://git.kernel.org/?p=git/git.git;a=commit;h=3c9d0414ed2db0167e6c828b547be8fc9f88fccc [3] http://git.kernel.org/?p=git/git.git;a=commit;h=b44ebb19e3234c5dffe9869ceac5408bb44c2e20 ** Affects: git-core (Ubuntu) Importance: Undecided Status: New -- git-core: upstream fix for buffer overrun (CVE-2010-2542) https://bugs.edge.launchpad.net/bugs/608973 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
