oss-sec mailing list archives
Re: CVE request: git
From: Josh Bressers <bressers () redhat com>
Date: Thu, 22 Jul 2010 17:20:16 -0400 (EDT)
Please use CVE-2010-2542 Thanks. -- JB ----- "Greg Brockman" <gdb () MIT EDU> wrote:
A fix for an exploitable buffer overrun was committed to git in [1]. In particular, if an attacker were to create a crafted working copy where the user runs any git command, the attacker could force execution of arbitrary code. This attack should be mitigated to a denial of service if git is compiled with appropriate stack-protecting flags. This buffer overrun was introduced in [2], which first appeared in v1.5.6, and is fixed in v1.7.2. Greg [1] http://git.kernel.org/?p=git/git.git;a=commit;h=3c9d0414ed2db0167e6c828b547be8fc9f88fccc [2] http://git.kernel.org/?p=git/git.git;a=commit;h=b44ebb19e3234c5dffe9869ceac5408bb44c2e20
Current thread:
- CVE request: git Greg Brockman (Jul 21)
- Re: CVE request: git Josh Bressers (Jul 22)