[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Wheezy update of git?

Hello Chris,

On Mon, 20 Mar 2017, Chris Lamb wrote:
> the Debian LTS team would like to fix the security issues which are
> currently open in the Wheezy version of git:
> https://security-tracker.debian.org/tracker/source-package/git
> Would you like to take care of this yourself?

Did you check whether the package was affected?

I tried to checkout https://github.com/njhartwell/pw3nage while having
bash-completion loaded and with a PS1 containing $(__git_ps1 2>/dev/null)
or $(__git_ps1 " (%s)") and was unable to get any code execution.

I'm not sure when the vulnerability was introduced but it looks
like that is not affected at least when using bash.

Can someone else double check?

For zsh, I'm not sure either. I tried to run it and to set PS1 as
PS1='[%n@%m %c$(__git_ps1 " (%s)")]\$ '

But here the $(...) part is not even replaced.

Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/

Reply to: