git (1:2.7.4-0ubuntu1.2) xenial-security; urgency=medium
* SECURITY UPDATE: Arbitrary code execution on clients through
malicious ssh URLs.
- debian/patches/CVE-2017-1000117.patch: filter out hostnames that
would interpreted as cli arguments to ssh
-
debian/diff/0002-transport-expose-git_tcp_connect-and-friends-in-new-t.diff:
update to adjust for changes from CVE-2017-1000117.patch.
- CVE-2017-1000117
Date: 2017-08-10 22:50:30.793121+00:00
Changed-By: Steve Beattie <[email protected]>
Signed-By: Ubuntu Archive Robot
<[email protected]>
https://launchpad.net/ubuntu/+source/git/1:2.7.4-0ubuntu1.2
Sorry, changesfile not available.
--
Xenial-changes mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/xenial-changes
