Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 16 Mar 2016 11:47:31 +0100
From: La=c3=abl Cellier <>
Subject: Re: server and client side remote code execution through 
 a buffer overflow in all git versions before 2.7.1 (unpublished
  ᴄᴠᴇ-2016-2324 and ᴄᴠᴇ‑2016‑2315

Oh Big mistake. I might advertised too soon.

I saw changes were pushed in master, so I thought the next version 
(which was 2.7.1) would be the one which will include the fix.

But as pointed out on no versions 
including the fixes were released yet, and even 2.7.3 still include 
path_name(). I didnt checked the code (Sorrrry).

So the only way to fix it is to draw your compilers and compile the 
current master branch at

Or do like github did by using the patches at and

Im really sorry

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ