
[Backports-security-announce] Security Update for git-core



Sebastian Harl uploaded new packages for git-core which fixed the
following security problems:

DSA 1777-1, Debian bug #516669

    Peter Palfrader discovered that on some architectures files under
    /usr/share/git-core/templates/ were owned by a non-root user. This
    allows a user with that uid on the local system to write to these
    files and possibly escalate their privileges.

    This issue only affected the DEC Alpha and MIPS (big and little
    endian) architectures.

CVE-2009-2108, DSA 1841-1, Debian bug #532935

    git-daemon in git 1.4.4.5 through 1.6.3 allows remote attackers to
    cause a denial of service (infinite loop and CPU consumption) via a
    request containing extra unrecognized arguments.

For the etch-backports distribution the problems have been fixed in
version 1:1.5.6.5-3+lenny2~bpo40+1.

The lenny-backports distribution was not affected by any of these
issues.

Upgrade instructions
--------------------

If you don't use pinning [1] you have to update the package manually via
"apt-get -t etch-backports install <packagelist>", where <packagelist>
is the list of your installed packages affected by this update.

[1] http://backports.org/dokuwiki/doku.php?id=instructions

We recommend pinning the backports repository to 200 so that new versions
of installed backports are installed automatically.

  Package: *
  Pin: release a=etch-backports
  Pin-Priority: 200
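
A local check for the template ownership problem and for the fixed package
version, added here as an example and not part of the original announcement.
The function names are hypothetical, the world-writable test goes beyond what
the advisory describes, and the version comparison assumes a host that tracks
etch-backports.

```shell
#!/bin/sh
# Added example, not from the advisory. Function names are hypothetical.

TEMPLATE_DIR=/usr/share/git-core/templates   # path named in the advisory
FIXED_VERSION='1:1.5.6.5-3+lenny2~bpo40+1'   # etch-backports fix named in the advisory

# audit_owner DIR [UID]
# Lists (ls -ldn format) every entry under DIR that is not owned by UID
# (default 0, root) or that is world-writable (symlinks are skipped for
# the mode test, since their mode bits are meaningless).
# Returns 0 if clean, 1 if anything was listed, 2 if DIR does not exist.
audit_owner() {
    dir=$1
    want_uid=${2:-0}
    [ -d "$dir" ] || return 2
    found=$(find "$dir" \( ! -user "$want_uid" -o \
                \( ! -type l -perm -0002 \) \) -exec ls -ldn {} \; 2>/dev/null)
    if [ -n "$found" ]; then
        printf '%s\n' "$found"
        return 1
    fi
    return 0
}

# git_core_is_fixed
# Returns 0 if the installed git-core is at or above FIXED_VERSION,
# 1 if it is older, 2 if dpkg or the package is not present.
# Assumption: the host installs git-core from etch-backports.
git_core_is_fixed() {
    command -v dpkg-query >/dev/null 2>&1 || return 2
    ver=$(dpkg-query -W -f='${Version}' git-core 2>/dev/null) || return 2
    [ -n "$ver" ] || return 2
    dpkg --compare-versions "$ver" ge "$FIXED_VERSION"
}

# Only touch the real paths when they exist on this host.
if [ -d "$TEMPLATE_DIR" ]; then
    audit_owner "$TEMPLATE_DIR" || echo "review the entries listed above" >&2
    git_core_is_fixed || echo "git-core not at fixed version (or not dpkg-managed)" >&2
fi
```

Upgrading the package replaces the packaged files; rerun the audit afterwards
to confirm nothing under the template directory is still owned by a non-root uid.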
