Date: Mon, 23 Nov 2015 13:13:08 +0100
From: Jan Rusnacko <>
        Assign a CVE Identifier <>
Subject: Re: CVE Request: git

On 10/06/2015 05:56 AM, Seth Arnold wrote:
> Hello MITRE, all,
> The git project announced v2.6.1
> and included the following text:
> 	 * Some protocols (like git-remote-ext) can execute arbitrary code
> 	   found in the URL. The URLs that submodules use may come
> 	   from arbitrary sources (e.g., .gitmodules files in a remote
> 	   repository), and can hurt those who blindly enable recursive
> 	   fetch. Restrict the allowed protocols to well known and
> 	   safe ones.
> The following commits appear to implement the restrictions:
> I do not know if this is exhaustive.
> The announcement also mentions some int-based overflows but does not
> describe any situations that would allow crossing privilege boundaries.
> Please assign CVEs as appropriate.

Can a CVE be assigned to this vulnerability, please?

Jan Rusnacko, Red Hat Product Security
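
The restriction quoted above, turned into a pre-fetch audit, as an added example that is not part of the original message or of git's own code: it parses a `.gitmodules` file and reports submodule URLs whose transport falls outside an allow-list. The allow-list, the function names, the simplified URL classification and the sample file are assumptions constructed for illustration.

```python
import re

# Assumed site policy, not git's own list: transports accepted for submodules.
ALLOWED = {"https", "ssh"}

SECTION = re.compile(r'^\s*\[submodule\s+"(?P<name>[^"]*)"\]\s*$')
URL_KEY = re.compile(r'^\s*url\s*=\s*(?P<url>.*?)\s*$', re.IGNORECASE)
HELPER = re.compile(r'^(?P<t>[A-Za-z0-9][A-Za-z0-9+.-]*)::')  # "<helper>::<address>"
SCHEME = re.compile(r'^(?P<t>[A-Za-z][A-Za-z0-9+.-]*)://')    # "<scheme>://..."
SCP_LIKE = re.compile(r'^[^/:]+:')  # "host:path", no slash before the colon

def transport_of(url):
    """Classify a submodule URL by transport (simplified, not git's parser)."""
    for pattern in (HELPER, SCHEME):
        m = pattern.match(url)
        if m:
            return m.group("t").lower()
    return "ssh" if SCP_LIKE.match(url) else "file"

def audit_gitmodules(text, allowed=ALLOWED):
    """Return (submodule, url, transport) for each URL outside the allow-list."""
    findings, current = [], None
    for line in text.splitlines():
        m = SECTION.match(line)
        if m:
            current = m.group("name")
            continue
        m = URL_KEY.match(line)
        if m and current is not None:
            t = transport_of(m.group("url"))
            if t not in allowed:
                findings.append((current, m.group("url"), t))
    return findings

# Constructed sample .gitmodules content (not taken from any real repository).
SAMPLE = '''\
[submodule "libfoo"]
    path = vendor/libfoo
    url = https://git.example.org/libfoo.git
[submodule "tools"]
    url = ext::example-helper arg
[submodule "docs"]
    url = git@git.example.org:team/docs.git
[submodule "local"]
    url = ../sibling.git
'''

if __name__ == "__main__":
    for name, url, transport in audit_gitmodules(SAMPLE):
        print(f"{name}: transport '{transport}' not allowed ({url})")
```

Run against a checked-out `.gitmodules` before enabling recursive fetch; anything it reports needs review rather than automatic fetching.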
