Re: Advice regarding CVE-2017-15298 for git

To: debian-lts@lists.debian.org
Cc: Debian LTS <debian-lts@lists.debian.org>
Subject: Re: Advice regarding CVE-2017-15298 for git
From: Jens Korte <korte@mailbox.org>
Date: Sun, 15 Oct 2017 15:12:30 +0200
Message-id: <[🔎] 20171015151230.04daa8bb@j>
In-reply-to: <[🔎] CABY6=0koaf5t+nKvgk6B=K1c-iQ_GchxY+QKbaMtTqLrGqUmYA@mail.gmail.com>
References: <[🔎] CABY6=0koaf5t+nKvgk6B=K1c-iQ_GchxY+QKbaMtTqLrGqUmYA@mail.gmail.com>

Am Sun, 15 Oct 2017 14:15:31 +0200
schrieb Ola Lundqvist <ola@inguza.com>:

> Hi fellow LTS maintainers
> I have looked into CVE-2017-15298 for git. The vulnerability is that
> if you try to clone a crafted repo it may use very lot of memory.
> 
> I'm not convinced that this is a vulnerability that we should spend
> time on. I mean the worst thing is that you have to press Ctrl-C to
> make it stop and then do not use that repo anymore.
> 
> Or do you have another opinion?

What happens, if people use a cronjob to run git?


> 
> Best regards
> 
> // Ola
>

Reply to:

Follow-Ups:
- Re: Advice regarding CVE-2017-15298 for git
  - From: Ola Lundqvist <ola@inguza.com>

References:
- Advice regarding CVE-2017-15298 for git
  - From: Ola Lundqvist <ola@inguza.com>

Prev by Date: Advice regarding CVE-2017-15298 for git
Next by Date: Re: Advice regarding CVE-2017-15298 for git
Previous by thread: Advice regarding CVE-2017-15298 for git
Next by thread: Re: Advice regarding CVE-2017-15298 for git
Index(es):
- Date
- Thread