git: CVE-2018-11235 arbitary code execution via submodule names in .gitmodules
Bug #1774061 reported by
Török Edwin
This bug affects 8 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
git (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Git v2.17.1, v2.13.7, v2.14.4, v2.15.2 and v2.16.4 contain a fix for CVE 2018-11235 announced here:
https://<email address hidden>/
Debian has fixed packages here: https:/
I could not find the fixed packages for Ubuntu, the Ubuntu link on the above debian tracker results in a 404, and there is no newer package available in the repository for 18.04 LTS.
CVE References
information type: | Private Security → Public Security |
summary: |
- git: CVE 2018-11235 arbitary code execution via submodule names in + git: CVE-2018-11235 arbitary code execution via submodule names in .gitmodules |
Changed in git (Ubuntu): | |
status: | Fix Released → Fix Committed |
Changed in git (Ubuntu): | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
Status changed to 'Confirmed' because the bug affects multiple users.