Debian alert DLA-1068-1 (git)
| From: | Markus Koschany <apo@debian.org> | |
| To: | debian-lts-announce@lists.debian.org | |
| Subject: | [SECURITY] [DLA 1068-1] git security update | |
| Date: | Sun, 27 Aug 2017 20:18:39 +0200 | |
| Message-ID: | <8f9c4ecf-0b3b-12bd-e2d4-bbb709001698@debian.org> |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : git Version : 1:1.7.10.4-1+wheezy5 CVE ID : CVE-2017-1000117 Joern Schneeweisz discovered that git, a distributed revision control system, did not correctly handle maliciously constructed ssh:// URLs. This allowed an attacker to run an arbitrary shell command, for instance via git submodules. For Debian 7 "Wheezy", these problems have been fixed in version 1:1.7.10.4-1+wheezy5. We recommend that you upgrade your git packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlmjDP9fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeShBg//YIfTQM+xVBASAvLFXUixCy7NcZZda4fNCRzEAXzyXFP9tG3fn6lDdc1o iQYuWB5D+euBRQi6e1qLzsnNavEhMSLJaMTbJjkEaZCFjz4Eptz5rpdFxv0sFXeL CqK2rcjp9xrW/jM/wFvLKdC1jryqu5K+XGJ+l398S/fBvEdCsYog0f/XEQ+DTZOp HdMKWD5knMRE0TUyWxGnsG08NOgFN0ioH63VfWJQIj6s2TMm9WVe79W3EdWKhR+N PM/90IfpoyYMIL3RMSbTmePGLwYONxyvrqeoMjzctQuCEekAivEpW1+sxr7dsHbj +Sxmqjcxm6BaN0az3m6iG3/OQD8Bc6SZjXdPzRS/vrq1wEnwvGpgicF4LkrK2pSd NAywkFwbP8GawrGCJur6dApGDviuA8hR6Gt+HiT/7smaTAARyq2ATM33CDaU9R3+ TEQQ61VO6c4tU3wL2u7YyZXfsF7J9s9/kDeisMARPldqiSp0EKElj+efQAluNXIb d4IPujG5XXMalTbW9AhMl0fcVob1rtesj4vpCDi+LVK6HEEUqsNCXi8lhSSiDPYM Asz7Opc89JUozOBrPGjoqQk9DK6iI+f7TmQYkJaTNccl4waGI6Cj0Lwy4CelWUUW 76PT9wDjNj2Fegj79rA8bO95PqVpGK+xKThQUc5EiQpcUV+/S9s= =dXCi -----END PGP SIGNATURE-----