Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 22 Jul 2010 17:20:16 -0400 (EDT)
From: Josh Bressers <>
Cc: Junio C Hamano <>,, coley <>
Subject: Re: CVE request: git

Please use CVE-2010-2542



----- "Greg Brockman" <gdb@....EDU> wrote:

> A fix for an exploitable buffer overrun was committed to git in [1].
> In particular, if an attacker were to create a crafted working copy
> where the user runs any git command, the attacker could force
> execution of arbitrary code.
> This attack should be mitigated to a denial of service if git is
> compiled with appropriate stack-protecting flags.
> This buffer overrun was introduced in [2], which first appeared in
> v1.5.6, and is fixed in v1.7.2.
> Greg
> [1]
> [2]

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ