FEDORA-2017-655f0d38c3 created by tmz 3 years ago for Fedora 27
stable

These releases harden "git shell", which is used on servers, against unsafe user input that "git cvsserver" handles poorly.

From the release notes:

 * "git cvsserver" no longer is invoked by "git shell" by default,
   as it is old and largely unmaintained.

 * Various Perl scripts did not use safe_pipe_capture() instead of
   backticks, leaving them susceptible to end-user input.  They have
   been corrected.

Credits go to joernchen <joernchen@phenoelit.de> for finding the
unsafe constructs in "git cvsserver", and to Jeff King at GitHub for
finding and fixing instances of the same issue in other scripts.

References:

http://seclists.org/oss-sec/2017/q3/534
https://public-inbox.org/git/xmqqy3p29ekj.fsf@gitster.mtv.corp.google.com/
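
The backtick problem the release notes describe, shown as an added example (not code from git or from this advisory): a Perl backtick command hands interpolated input to /bin/sh, while a fork plus list-form exec passes it as one argument. The helper names and the sample input are hypothetical; capture_no_shell only illustrates the list-form approach and is not git's safe_pipe_capture().

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample input standing in for an end-user-supplied value
# (for example a module or revision name). The part after ';' is a
# harmless marker command.
my $user_input = 'HEAD; echo INJECTED';

# Unsafe pattern: backticks build one string and hand it to /bin/sh,
# so shell metacharacters in $arg (';', '|', '$(...)') are interpreted
# and the marker runs as a second command.
sub capture_with_backticks {
    my ($arg) = @_;
    return `echo $arg`;
}

# Hypothetical helper showing the list-form alternative: fork a child
# with a pipe on its stdout, then exec the program with an argument
# list. No shell is involved, so $arg reaches the program verbatim as
# a single argv entry.
sub capture_no_shell {
    my @cmd = @_;
    my $pid = open(my $child, '-|');
    die "fork failed: $!" unless defined $pid;
    if ($pid == 0) {
        # Child process. The indirect-object form of exec never falls
        # back to the shell, even for a one-element list.
        exec { $cmd[0] } @cmd or die "exec $cmd[0] failed: $!";
    }
    my @output = <$child>;
    close($child) or die "@cmd exited with status $?";
    return join('', @output);
}

print "backticks: ", capture_with_backticks($user_input);
print "list exec: ", capture_no_shell('echo', $user_input);
```

Run on a system with a POSIX shell and an external echo binary, the first call shows the marker executing as its own command, and the second shows the whole input echoed back as plain data.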

How to install

sudo dnf upgrade --advisory=FEDORA-2017-655f0d38c3

This update has been submitted for testing by tmz.

3 years ago
lnie commented & provided feedback 3 years ago
karma

works

This update has been pushed to testing.

3 years ago
renault commented & provided feedback 3 years ago
karma

No issues

besser82 commented & provided feedback 3 years ago
karma

Works great! LGTM! =)

This update has been submitted for stable by bodhi.

3 years ago

This update has been pushed to stable.

3 years ago


Metadata
Type: security
Severity: medium
Karma: 3
Signed
Content Type: RPM
Test Gating
Settings
Unstable by Karma: -3
Stable by Karma: 3
Stable by Time: disabled
Dates
submitted: 3 years ago
in testing: 3 years ago
in stable: 3 years ago