[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[Backports-security-announce] Security Update for git

Sebastian Harl uploaded new packages for git, a popular distributed
revision control system, which fixed the following security problem:

CVE-2010-2542, Debian BTS #590026

  A buffer overrun was found in the way Git sanitized path of a git
  directory. If a local attacker would create a specially-crafted
  working copy and trick the local user into running any git command, it
  could lead to arbitrary code execution with the privileges of the user
  running the Git command.

For the lenny-backports distribution the problem has been fixed in
version 1:1.7.1-1.1~bpo50+1.

For the stable distribution (lenny), this problem has been fixed in
version 1:

For the testing and unstable distributions (squeeze and sid) the
problem has been fixed in version 1:1.7.1-1.1.

Upgrade instructions

If you don't use pinning (see [1]) you have to update the package
manually via "apt-get -t lenny-backports install <packagelist>" with the
packagelist of your installed packages affected by this update.
[1] http://backports.org/dokuwiki/doku.php?id=instructions

We recommend to pin the backports repository to 200 so that new versions
of installed backports will be installed automatically. 

  Package: *
  Pin: release a=lenny-backports
  Pin-Priority: 200

Attachment: signature.asc
Description: Digital signature

Reply to: