Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 16 Mar 2016 11:47:31 +0100
From: Laël Cellier <>
Subject: Re: server and client side remote code execution through a buffer overflow in all git versions before 2.7.1 (unpublished ᴄᴠᴇ-2016-2324 and ᴄᴠᴇ‑2016‑2315)

Oh………………………… Big mistake. I might advertised too soon.

I saw changes were pushed in master, so I thought the next version 
(which was 2.7.1) would be the one which will include the fix.

But as pointed out on no versions 
including the fixes were released yet, and even 2.7.3 still include 
path_name(). I didn’t checked the code (Sorrrry).

So the only way to fix it is to draw your compilers and compile the 
current master branch at

Or do like github did by using the patches at and

I’m really sorry…

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.