git 1:2.17.1-1ubuntu0.16 in Bionic still vulnerable to CVE-2023-22490
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
git (Ubuntu) | Fix Released | Undecided | Leonidas S. Barbosa | | |
Bug Description
Hi,
While backporting the latest git security fixes to Debian 9 buster, I looked at the Bionic update and realised a patch was missing. I thought maybe the patch wasn't needed, but I applied the test case in the buster source and it failed. Indeed, it's also failing on bionic:
osboxes@
1:2.17.
osboxes@
osboxes@
osboxes@
Initialized empty Git repository in /home/osboxes/
osboxes@
osboxes@
osboxes@
Cloning into 'repo2'...
warning: You appear to have cloned an empty repository.
done.
osboxes@
secret
The git clone repo1 repo2 should have failed, complaining that objects is a symlink.
https:/
Cheers,
Emilio
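A pre-clone check for the condition described above, as an added example that is not part of the original report or of git: it looks for symlinks at or below the source repository's objects directory and refuses a local clone when any exist. The function names are hypothetical, and it assumes `.git` is a directory rather than a `gitdir:` pointer file.

```shell
#!/bin/sh
# Added example: pre-clone check for symlinks at or below a repository's
# objects directory (the condition the report says the clone should reject).

# Print the git directory for a working tree or a bare repository path.
# Assumption: .git is a directory, not a "gitdir:" pointer file.
git_dir_of() {
    if [ -d "$1/.git" ]; then
        printf '%s\n' "$1/.git"
    else
        printf '%s\n' "$1"
    fi
}

# List symlinks at or below <repo>/objects.
# Exit status 0 if at least one was found, non-zero otherwise.
find_object_symlinks() {
    objdir="$(git_dir_of "$1")/objects"
    # -P: never follow symlinks, so a symlinked objects directory is
    # reported itself instead of being traversed.
    found="$(find -P "$objdir" -type l 2>/dev/null)"
    [ -n "$found" ] && printf '%s\n' "$found"
}

# Refuse to clone a local source whose object storage contains symlinks.
safe_local_clone() {
    if find_object_symlinks "$1" >&2; then
        echo "refusing to clone $1: symlink in objects directory" >&2
        return 1
    fi
    git clone -- "$1" "$2"
}
```

The check is not atomic with the clone that follows it, so it only serves as a stopgap on hosts that still run a package without the fix.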
CVE References
Changed in git (Ubuntu):
assignee: nobody → Leonidas S. Barbosa (leosilvab)
Changed in git (Ubuntu):
status: New → In Progress
Thanks Emilio!