Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 8 Dec 2015 07:47:21 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security <oss-security@...ts.openwall.com>, CVE ID Requests <cve-assign@...re.org>
Subject: CVE for git issue - please use CVE-2015-7545

With apologies, I can't find the original
http://seclists.org/oss-sec/2015/q4/37 in my mailbox (3+ months old) but
we've now shipped advisories, had several people ask and not gotten a CVE
yet so here it is:

CVE-2015-7545 Git: Some protocols (like git-remote-ext) can execute
arbitrary code found in the URL

The other HTTP redirect/protocol issues don't seem to be security issues
per se (unexpected/annoying yes, but I can't think of any real security
impact).

-- 

--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: secalert@...hat.com

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ