[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE request: git
From: Josh Bressers <bressers () redhat ! com>
Date: 2010-07-22 21:20:16
Message-ID: 1959240262.1279521279833616868.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
[Download RAW message or body]
Please use CVE-2010-2542
Thanks.
--
JB
----- "Greg Brockman" <gdb@MIT.EDU> wrote:
> A fix for an exploitable buffer overrun was committed to git in [1].
> In particular, if an attacker were to create a crafted working copy
> where the user runs any git command, the attacker could force
> execution of arbitrary code.
>
> This attack should be mitigated to a denial of service if git is
> compiled with appropriate stack-protecting flags.
>
> This buffer overrun was introduced in [2], which first appeared in
> v1.5.6, and is fixed in v1.7.2.
>
> Greg
>
> [1]
> http://git.kernel.org/?p=git/git.git;a=commit;h=3c9d0414ed2db0167e6c828b547be8fc9f88fccc
> [2]
> http://git.kernel.org/?p=git/git.git;a=commit;h=b44ebb19e3234c5dffe9869ceac5408bb44c2e20
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic