This bug was fixed in the package git - 1:2.17.1-1ubuntu0.1
---------------
git (1:2.17.1-1ubuntu0.1) bionic-security; urgency=low
* SECURITY UPDATE: arbitrary code execution via submodule names
in .gitsubmodules.
- CVE-2018-11235
* SECURITY UPDATE: out-of-bounds memory when sanity-checking
pathnames on NTFS
- CVE-2018-11233
* Merge from Debian (LP: #1774061). Remaining changes:
- debian/control: build against pcre v3 only
- debian/rules: s390x libpcre3 library has JIT disabled, set
NO_LIBPCRE1_JIT on that arch to stop the build from failing.
git (1:2.17.1-1) unstable; urgency=high
* new upstream point release to fix CVE-2018-11235, arbitary code
execution via submodule names in .gitmodules (see RelNotes/2.17.1.txt).
-- Steve Beattie <sbeat...@ubuntu.com> Thu, 31 May 2018 10:50:28 -0700
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1774061
Title:
git: CVE-2018-11235 arbitary code execution via submodule names in
.gitmodules
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/git/+bug/1774061/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
