joernchen
2018-10-06 11:40:04 UTC
Hey,
just a short heads up to oss-sec:
Git has just [0] released Versions 2.14.5, 2.15.3, 2.16.5, 2.17.2,
2.18.1, and 2.19.1 which mitigate CVE-2018-17456, an RCE issue I found
within the handling of Git submodules.
More specifically this issue allows execution of arbitrary commands via
an argument injection to subsequent `git clone` operations using the
`url` parameter in the `.gitmodules` file.
Cheers,
joernchen
[0] https://marc.info/?l=git&m=153875888916397&w=2
--
joernchen ~ Phenoelit
<***@phenoelit.de> ~ C776 3F67 7B95 03BF 5344
http://www.phenoelit.de ~ A46A 7199 8B7B 756A F5AC
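
An added example, not part of the original post and not Git's own code: a defender-side check that scans `.gitmodules` content and reports any submodule whose `url` value begins with `-`, the form a value must take to be read as an option rather than a URL. The sample file, the function names and the simplified config parsing (no line continuations, escapes or inline comments) are assumptions made for this sketch.

```python
import re

# Constructed sample .gitmodules content (not taken from the original post).
SAMPLE_GITMODULES = '''\
[submodule "docs"]
	path = docs
	url = https://example.com/project/docs.git
[submodule "vendor/lib"]
	path = vendor/lib
	url = "--constructed-option=value"
'''

SECTION_RE = re.compile(r'^\[\s*submodule\s+"((?:[^"\\]|\\.)*)"\s*\]$', re.IGNORECASE)
KEY_VALUE_RE = re.compile(r'^([A-Za-z][A-Za-z0-9-]*)\s*=\s*(.*)$')


def parse_gitmodules(text):
    """Yield (submodule, key, value) triples using simplified git-config parsing."""
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("["):
            match = SECTION_RE.match(line)
            current = match.group(1) if match else None  # ignore other sections
            continue
        match = KEY_VALUE_RE.match(line)
        if match and current is not None:
            value = match.group(2).strip()
            if len(value) >= 2 and value[0] == value[-1] == '"':
                value = value[1:-1]  # drop surrounding double quotes
            yield current, match.group(1).lower(), value  # keys are case-insensitive


def find_option_like_urls(text):
    """Return (submodule, url) pairs whose url value starts with '-'."""
    return [(name, value) for name, key, value in parse_gitmodules(text)
            if key == "url" and value.startswith("-")]


if __name__ == "__main__":
    for name, url in find_option_like_urls(SAMPLE_GITMODULES):
        print(f"submodule {name!r}: url {url!r} starts with '-'")
```

A check like this can run over the `.gitmodules` of repositories that are mirrored or built automatically; it complements upgrading to one of the fixed versions listed in the post and does not replace it.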