Launchpad.net

CVE 2016-2315

revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.

Related bugs and status

CVE-2016-2315 (Candidate) is related to these bugs:

Bug #1557787: client/server RCEs in path_name()

		In	Importance	Status
1557787	client/server RCEs in path_name()	git (Ubuntu)	High	Fix Released
1557787	client/server RCEs in path_name()	git (Debian)	Unknown	Fix Released
1557787	client/server RCEs in path_name()	git (Ubuntu Trusty)	Undecided	Fix Released
1557787	client/server RCEs in path_name()	git (Ubuntu Wily)	Undecided	Fix Released
1557787	client/server RCEs in path_name()	git (Ubuntu Precise)	Undecided	Fix Released

Bug #1563336: Sync git 1:2.8.1-1 (main) from Debian unstable (main)

Summary				In	Importance	Status
	1563336	Sync git 1:2.8.1-1 (main) from Debian unstable (main)		git (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2016-2315

Related bugs and status

Related bugs

References