Date: Thu, 22 Jul 2010 17:20:16 -0400 (EDT) From: Josh Bressers <bressers@...hat.com> To: oss-security@...ts.openwall.com Cc: Junio C Hamano <gitster@...ox.com>, gdb@....edu, coley <coley@...re.org> Subject: Re: CVE request: git Please use CVE-2010-2542 Thanks. -- JB ----- "Greg Brockman" <gdb@....EDU> wrote: > A fix for an exploitable buffer overrun was committed to git in . > In particular, if an attacker were to create a crafted working copy > where the user runs any git command, the attacker could force > execution of arbitrary code. > > This attack should be mitigated to a denial of service if git is > compiled with appropriate stack-protecting flags. > > This buffer overrun was introduced in , which first appeared in > v1.5.6, and is fixed in v1.7.2. > > Greg > >  > http://git.kernel.org/?p=git/git.git;a=commit;h=3c9d0414ed2db0167e6c828b547be8fc9f88fccc >  > http://git.kernel.org/?p=git/git.git;a=commit;h=b44ebb19e3234c5dffe9869ceac5408bb44c2e20
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ