stable

git-2.13.6-1.fc26

FEDORA-2017-9b35152c83 created by tmz 7 years ago for Fedora 26

These releases harden "git shell", which is used on servers, against unsafe user input, which "git cvsserver" copes with poorly.

From the release notes:

 * "git cvsserver" no longer is invoked by "git shell" by default,
   as it is old and largely unmaintained.

 * Various Perl scripts did not use safe_pipe_capture() instead of
   backticks, leaving them susceptible to end-user input.  They have
   been corrected.

Credits go to joernchen <joernchen@phenoelit.de> for finding the
unsafe constructs in "git cvsserver", and to Jeff King at GitHub for
finding and fixing instances of the same issue in other scripts.

References:

http://seclists.org/oss-sec/2017/q3/534
https://public-inbox.org/git/xmqqy3p29ekj.fsf@gitster.mtv.corp.google.com/
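
The difference between backticks and a list-form pipe capture, which the second release-note item refers to, as an added example (not code from git or from this advisory). The helper name capture_argv and the sample input are hypothetical and constructed for illustration:

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample input: a value as a remote user might supply it.
# The part after ';' is harmless and only makes shell parsing visible.
my $input = 'project; echo SHELL-RAN-THIS';

# Unsafe pattern: backticks build one string and hand it to /bin/sh,
# so the ';' ends the first command and starts a second one.
sub capture_with_backticks {
    my ($arg) = @_;
    return `echo $arg`;
}

# Hardened pattern (hypothetical helper, not git's own code): fork a
# child connected by a pipe and exec() an argument list. No shell is
# involved, so $arg stays a single argv element whatever it contains.
sub capture_argv {
    my @cmd = @_;
    my $pid = open(my $child, '-|');
    die "fork failed: $!" unless defined $pid;
    if ($pid == 0) {
        # Child: the block form of exec never falls back to the shell.
        exec { $cmd[0] } @cmd or die "exec $cmd[0] failed: $!";
    }
    # Parent: read everything the child wrote to its stdout.
    my @out = <$child>;
    close($child) or die "@cmd exited with status $?";
    return wantarray ? @out : join('', @out);
}

my $unsafe = capture_with_backticks($input);
my $safe   = capture_argv('echo', $input);

# Two lines of output: the shell split the input into two commands.
print "backticks: $unsafe";
# One line of output: the whole input was passed as data.
print "list exec: $safe";
```

When auditing Perl scripts for the same issue, look for backticks, qx//, and single-string system() or open() pipe calls that interpolate variables.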

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2017-9b35152c83

This update has been submitted for testing by tmz.

7 years ago

This update has been pushed to testing.

7 years ago
imabug commented & provided feedback 7 years ago

seems ok here

williamjmorenor commented & provided feedback 7 years ago

wfm

cserpentis commented & provided feedback 7 years ago

works for me

This update has been submitted for stable by bodhi.

7 years ago

This update has been pushed to stable.

7 years ago


Metadata

Type: security
Severity: medium
Karma: 3
Signed
Content Type: RPM
Test Gating

Autopush Settings

Unstable by Karma: -3
Stable by Karma: 3
Stable by Time: disabled

Dates

submitted: 7 years ago
in testing: 7 years ago
in stable: 7 years ago
