Comment 11 for bug 1719740

This bug was fixed in the package git - 1:2.7.4-0ubuntu1.3

---------------
git (1:2.7.4-0ubuntu1.3) xenial-security; urgency=high

  * SECURITY UPDATE: Git cvsserver OS Command Injection (LP: #1719740)
    - shell-drop-git-cvsserver-support-by-default.diff
    - cvsserver-use-safe_pipe_capture.diff
    - cvsimport-shell-quote-variable-used-in-backticks.diff
    - archimport-use-safe_pipe_capture-for-user-input.diff
    - CVE-2017-14867

 -- Simon Quigley <email address hidden> Tue, 03 Oct 2017 13:14:37 -0500