[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 231-1] dulwich security update

Package        : dulwich
Version        : 0.6.1-1+deb6u1
CVE ID         : CVE-2015-0838

Ivan Fratric of the Google Security Team has found a buffer overflow in
the C implementation of the apply_delta() function, used when accessing
Git objects in pack files. An attacker could take advantage of this flaw
to cause the execution of arbitrary code with the privileges of the user
running a Git server or client based on Dulwich.

For the oldoldstable distribution (squeeze), this problem has been
fixed in version 0.6.1-1+deb6u1.

Attachment: signature.asc
Description: Digital signature

Reply to: