Please update Git to get the fix to CVE-2017-1000117
Bug #1710016 reported by
Jonathan Nieder
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
git (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
A security bugfix was released today to Git: https://<email address hidden>/T/#u.
Without it, cloning an attacker-controlled ssh:// URL (either directly or indirectly via submodules) leads to arbitrary code execution.
CVE References
Changed in git (Ubuntu): | |
status: | New → Fix Released |
To post a comment you must log in.
+linkcve doesn't like the shape of 2017-1000117 or CVE-2017-1000117 so I can't link it.