[Secure-testing-team] Bug#818318: git: CVE-2016-2324 and CVE-2016-2315 (currently unpublished) server and client RCE, fixed in 2.7.1
Ximin Luo
infinity0 at debian.org
Tue Mar 15 21:13:56 UTC 2016
Package: git
Version: 1:2.7.0-1
Severity: grave
Tags: upstream security
Justification: user security hole
Dear Maintainer,
This was just posted:
http://seclists.org/oss-sec/2016/q1/645
Please upload 2.7.1 ASAP.
-- System Information:
Debian Release: stretch/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'stable'), (300, 'unstable'), (200, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.3.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages git depends on:
ii git-man 1:2.7.0-1
ii libc6 2.21-9
ii libcurl3-gnutls 7.47.0-1
ii liberror-perl 0.17-1.2
ii libexpat1 2.1.0-7
ii libpcre3 2:8.38-3
ii perl-modules-5.22 [perl-modules] 5.22.1-8
ii zlib1g 1:1.2.8.dfsg-2+b1
Versions of packages git recommends:
ii less 481-2.1
ii openssh-client [ssh-client] 1:7.1p2-2
ii patch 2.7.5-1
ii rsync 3.1.1-3
Versions of packages git suggests:
ii gettext-base 0.19.7-2
ii git-arch 1:2.7.0-1
ii git-cvs 1:2.7.0-1
ii git-daemon-sysvinit 1:2.7.0-1
ii git-doc 1:2.7.0-1
ii git-el 1:2.7.0-1
ii git-email 1:2.7.0-1
ii git-gui 1:2.7.0-1
ii git-mediawiki 1:2.7.0-1
ii git-svn 1:2.7.0-1
ii gitk 1:2.7.0-1
ii gitweb 1:2.7.0-1
-- no debconf information
More information about the Secure-testing-team
mailing list