[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Wheezy update of git?

Hello Chris,

On Mon, 20 Mar 2017, Chris Lamb wrote:
> the Debian LTS team would like to fix the security issues which are
> currently open in the Wheezy version of git:
> https://security-tracker.debian.org/tracker/source-package/git
> 
> Would you like to take care of this yourself?

Did you check whether the package was affected?

I tried to checkout https://github.com/njhartwell/pw3nage while having
bash-completion loaded and with a PS1 containing $(__git_ps1 2>/dev/null)
or $(__git_ps1 " (%s)") and was unable to get any code execution.

I'm not sure when the vulnerability was introduced but it looks
like that 1.7.10.4-1+wheezy3 is not affected at least when using bash.

Can someone else double check?

For zsh, I'm not sure either. I tried to run it and to set PS1 as
documented:
PS1='[%n@%m %c$(__git_ps1 " (%s)")]\$ '

But here the $(...) part is not even replaced.

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/
Reply to: