[ MDVSA-2015:169 ] git

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:169
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : git
 Date    : March 30, 2015
 Affected: Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Updated git packages fix security vulnerability:
 
 It was reported that git, when used as a client on a case-insensitive
 filesystem, could allow the overwrite of the .git/config file when
 the client performed a git pull.  Because git permitted committing
 .Git/config (or any case variation), on the pull this would replace the
 user's .git/config.  If this malicious config file contained defined
 external commands (such as for invoking and editor or an external diff
 utility) it could allow for the execution of arbitrary code

007 Software

Leave a Reply Cancel reply

Software and Security Information