Posted: Thu Sep 25, 2008 9:26 pm Post subject: [ GLSA 200809-16 ] Git: User-assisted execution of arbitrary
Gentoo Linux Security Advisory
Title: Git: User-assisted execution of arbitrary code (GLSA 200809-16)
Date: September 25, 2008
Multiple buffer overflow vulnerabilities have been discovered in Git.
Git is a distributed version control system.
Vulnerable: < 22.214.171.124
Unaffected: >= 126.96.36.199
Architectures: All supported architectures
Multiple boundary errors in the functions diff_addremove() and
diff_change() when processing overly long repository path names were
A remote attacker could entice a user to run commands like "git-diff"
or "git-grep" on a specially crafted repository, possibly resulting in
the remote execution of arbitrary code with the privileges of the user
running the application.
There is no known workaround at this time.
All Git users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-util/git-188.8.131.52"
Last edited by GLSA on Wed Nov 27, 2013 4:28 am; edited 2 times in total
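The advisory attributes the flaw to boundary errors on overly long path names. As an added illustration of that bug class (not Git's code and not part of the advisory), the C below joins a base directory and a path name into a fixed-size buffer and rejects the result when it would not fit. The names join_path_checked, demo_overlong, demo_exact_fit and PATH_BUF are hypothetical, and the inputs are constructed.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

enum { PATH_BUF = 4096 };   /* assumed stand-in for a PATH_MAX-sized buffer */

/* Hypothetical helper, not Git's code: write base + path into dst.
 * Returns 0 on success, -1 with errno = ENAMETOOLONG if it cannot fit. */
int join_path_checked(char *dst, size_t dst_size,
                      const char *base, const char *path)
{
    size_t base_len = strlen(base);
    size_t path_len = strlen(path);

    /* Subtract instead of adding so the length check cannot wrap. */
    if (base_len >= dst_size || path_len >= dst_size - base_len) {
        if (dst_size > 0)
            dst[0] = '\0';          /* never leave a partial path */
        errno = ENAMETOOLONG;
        return -1;
    }
    memcpy(dst, base, base_len);
    memcpy(dst + base_len, path, path_len + 1);   /* copies the NUL */
    return 0;
}

/* Constructed input: a name of PATH_BUF bytes cannot fit after "dir/". */
int demo_overlong(void)
{
    static char name[PATH_BUF + 1];
    char buf[PATH_BUF];
    memset(name, 'a', PATH_BUF);
    name[PATH_BUF] = '\0';
    return join_path_checked(buf, sizeof(buf), "dir/", name);
}

/* Constructed input: "dir/" + "abc" + NUL fills an 8-byte buffer exactly. */
int demo_exact_fit(void)
{
    char buf[8];
    if (join_path_checked(buf, sizeof(buf), "dir/", "abc") != 0)
        return -1;
    return strcmp(buf, "dir/abc");
}

int main(void)
{
    printf("overlong: %d, exact fit: %d\n", demo_overlong(), demo_exact_fit());
    return 0;
}
```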