Advice regarding CVE-2017-15298 for git

To: Debian LTS <debian-lts@lists.debian.org>
Subject: Advice regarding CVE-2017-15298 for git
From: Ola Lundqvist <ola@inguza.com>
Date: Sun, 15 Oct 2017 14:15:31 +0200
Message-id: <[🔎] CABY6=0koaf5t+nKvgk6B=K1c-iQ_GchxY+QKbaMtTqLrGqUmYA@mail.gmail.com>

Hi fellow LTS maintainers
I have looked into CVE-2017-15298 for git. The vulnerability is that
if you try to clone a crafted repo it may use very lot of memory.

I'm not convinced that this is a vulnerability that we should spend time on.
I mean the worst thing is that you have to press Ctrl-C to make it
stop and then do not use that repo anymore.

Or do you have another opinion?

Best regards

// Ola

-- 
 --- Inguza Technology AB --- MSc in Information Technology ----
/  ola@inguza.com                    Folkebogatan 26            \
|  opal@debian.org                   654 68 KARLSTAD            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
 ---------------------------------------------------------------

Reply to:

Follow-Ups:
- Re: Advice regarding CVE-2017-15298 for git
  - From: Jens Korte <korte@mailbox.org>

Prev by Date: Re: Wheezy update of icedove?
Next by Date: Re: Advice regarding CVE-2017-15298 for git
Previous by thread: Wheezy update of tomcat7?
Next by thread: Re: Advice regarding CVE-2017-15298 for git
Index(es):
- Date
- Thread