[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Advice regarding CVE-2017-15298 for git

Hi Jens

Good point. I'll add it to dla-needed.txt with a special note to
follow the upstream discussion. Upstream is not completely convinced.

Best regards

// Ola

On 15 October 2017 at 15:12, Jens Korte <korte@mailbox.org> wrote:
> Am Sun, 15 Oct 2017 14:15:31 +0200
> schrieb Ola Lundqvist <ola@inguza.com>:
>
>> Hi fellow LTS maintainers
>> I have looked into CVE-2017-15298 for git. The vulnerability is that
>> if you try to clone a crafted repo it may use very lot of memory.
>>
>> I'm not convinced that this is a vulnerability that we should spend
>> time on. I mean the worst thing is that you have to press Ctrl-C to
>> make it stop and then do not use that repo anymore.
>>
>> Or do you have another opinion?
>
> What happens, if people use a cronjob to run git?
>
>
>>
>> Best regards
>>
>> // Ola
>>
>



-- 
 --- Inguza Technology AB --- MSc in Information Technology ----
/  ola@inguza.com                    Folkebogatan 26            \
|  opal@debian.org                   654 68 KARLSTAD            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
 ---------------------------------------------------------------
Reply to: