Ubuntu
git package

Git package is old, compromised

Bug #1558293 reported by Valorie Zimmerman
This bug report is a duplicate of:  Bug #1557787: client/server RCEs in path_name(). Edit Remove
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
git (Ubuntu)
New
Undecided
Unassigned

Bug Description

$ apt-cache policy git
git:
  Installed: (none)
  Candidate: 1:2.5.0-1ubuntu0.1
  Version table:
     1:2.5.0-1ubuntu0.1 0
        500 http://us.archive.ubuntu.com/ubuntu/ wily-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu/ wily-security/main amd64 Packages
     1:2.5.0-1 0
        500 http://us.archive.ubuntu.com/ubuntu/ wily/main amd64 Packages

http://www.openwall.com/lists/oss-security/2016/03/16/9 reports that the security hole is fixed in 2.7.1, yet we are at 2.5.0!

I need git to be up-to-date. Please package and backport to LTS for those running servers with a git-server.

ProblemType: Bug
DistroRelease: Ubuntu 15.10
Package: git (not installed)
ProcVersionSignature: Ubuntu 4.2.0-30.36-generic 4.2.8-ckt3
Uname: Linux 4.2.0-30-generic x86_64
ApportVersion: 2.19.1-0ubuntu5
Architecture: amd64
CurrentDesktop: KDE
Date: Wed Mar 16 14:58:50 2016
InstallationDate: Installed on 2015-08-11 (218 days ago)
InstallationMedia: It
SourcePackage: git
UpgradeStatus: Upgraded to wily on 2015-09-04 (194 days ago)

Revision history for this message
Valorie Zimmerman (valorie-zimmerman) wrote :
Seth Arnold (seth-arnold)
information type: Private Security → Public Security
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.