On Sat, Jun 02, 2018 at 01:22:36AM -0000, Anders Kaseorg wrote: > It looks like the fix is currently in cosmic-proposed. > https://launchpad.net/ubuntu/+source/git/1:2.17.1-1ubuntu1
The -proposed pocket in the developement release is not intended for human consumption: anything and everything gets pushed through that, and is released to the devel release when autopackage tests pass. The security updates are being prepared in the Ubuntu Security Proposed PPA: https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages I do not know the state of these packages, so please use them at your own risk, but should you choose to use these packages, feedback on your experience here may be helpful to us. Thanks -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1774061 Title: git: CVE-2018-11235 arbitary code execution via submodule names in .gitmodules To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/git/+bug/1774061/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
