Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 11 Dec 2015 15:33:31 -0500 (EST)
From: cve-assign@...re.org
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: Re: CVE for git issue - please use CVE-2015-7545

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> MITRE has been actively working with the upstream vendor to determine the
> appropriate number of CVEs for the vulnerabilities.

This was completed today.


>> CVE-2015-7545 Git: Some protocols (like git-remote-ext) can execute
>> arbitrary code found in the URL

MITRE has accepted this CVE-2015-7545 ID for this vulnerability
disclosed by the upstream vendor in these references:

  https://kernel.googlesource.com/pub/scm/git/git/+/33cfccbbf35a56e190b79bdec5c85457c952a021
  https://lkml.org/lkml/2015/10/5/683
  https://github.com/git/git/blob/master/Documentation/RelNotes/2.3.10.txt
  https://github.com/git/git/blob/master/Documentation/RelNotes/2.4.10.txt
  https://github.com/git/git/blob/master/Documentation/RelNotes/2.5.4.txt
  https://github.com/git/git/blob/master/Documentation/RelNotes/2.6.1.txt

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWazJoAAoJEL54rhJi8gl5plgP/jFffZBtqZbaDBbKk4b8a+tH
Jo+eBQtn/rj8SHrGGos3Or548rGNAjtm7cYZ/fYZOOQiJReUnkIzBHdBmUMqqFZy
2r55+Mok7o7vpVYAvxqooZ8ay3RlHOmuixhw8ZwKTwITKVu7OWsCE2qpaXCB7QzV
lpSh+t0xn9o6Jc+kF/eVP/J4R0X8qX6EU/JtAHHDhl1CEORujH/0bb4pAie/kJ3h
vlCxn51UwQwd9q3mVrxTjFziEZOG/9UV7XowdSS1bQxt0BhTkQH42DnHDrBZCQHc
3vP9pN/23khsRQ3swUmcWD3Z7fmazqG3Q5UIPPQhrTmeYrzbryCBUAgrzWnmVbzN
+OHYQWYv+JwVO/u9b3h5MFwqx0bdWcNAX2/3Bbrw8POx8c2d4+QPwX+BgQ+RfeEX
z6nrfiMCj+C8vwClHzX46ipw9WiCTb+aSj22fOFPESbz+STC1QCNuO3qu4QYsuvO
8nchEB4LBtZ8FJBZtTTd0UMp4j/ojfXA/vm9qP+G/fwzaAzBtK9ncr9BHh+kEqQt
iaUCHm7C10vKZ95q9s5cRz9AiCbmJK93aij1YYZxquHITP3HJUSK4L2gyHdc0jXO
yqK4CHxWavslXfksnlEeRviaqNy52W429QJ/HYE6i83IQxE6tLGN7gHk5BF1LaK2
wtl1kFSYHF16UWCGzns7
=ESLW
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ