Sebastian Harl uploaded new packages for git, a popular distributed revision control system, which fixed the following security problem: CVE-2010-2542, Debian BTS #590026 A buffer overrun was found in the way Git sanitized path of a git directory. If a local attacker would create a specially-crafted working copy and trick the local user into running any git command, it could lead to arbitrary code execution with the privileges of the user running the Git command. For the lenny-backports distribution the problem has been fixed in version 1:1.7.1-1.1~bpo50+1. For the stable distribution (lenny), this problem has been fixed in version 1:1.5.6.5-3+lenny3.1. For the testing and unstable distributions (squeeze and sid) the problem has been fixed in version 1:1.7.1-1.1. Upgrade instructions -------------------- If you don't use pinning (see [1]) you have to update the package manually via "apt-get -t lenny-backports install <packagelist>" with the packagelist of your installed packages affected by this update. [1] http://backports.org/dokuwiki/doku.php?id=instructions We recommend to pin the backports repository to 200 so that new versions of installed backports will be installed automatically. Package: * Pin: release a=lenny-backports Pin-Priority: 200
Attachment:
signature.asc
Description: Digital signature