diff options
author | Pedro Alvarez <pedro.alvarez@codethink.co.uk> | 2016-03-16 11:32:54 +0000 |
---|---|---|
committer | Sam Thursfield <sam.thursfield@codethink.co.uk> | 2016-03-16 11:41:34 +0000 |
commit | 23f354034df7c6d2652bca285047d29f5abef560 (patch) | |
tree | 9688cf71a7a6214f5f1ebe039a0ef6fc83891273 /strata/openstack-common | |
parent | aa2fd0f9bf293b55f01168598d1b4ae98fe4cbb5 (diff) | |
download | definitions-23f354034df7c6d2652bca285047d29f5abef560.tar.gz |
Upgrade to Git 2.8.0-rc2
This contains commit 9831e92bfa833ee9c0ce464bbc2f941ae6c2698d which
removes the path_name() function. That fixes a remote-code execution
security hole, described in CVE-2016-2315 and CVE-2016-2324.
I have read in some places that 2.7.1 and later are not vulnerable,
but I've not been able to prove that, nor find proof. At time of writing
the Debian advisory doesn't show that 2.7.1 and later are safe, only
2.8.0-rc2:
https://security-tracker.debian.org/tracker/CVE-2016-2324
See also:
https://ma.ttias.be/remote-code-execution-git-versions-client-server-2-7-1-cve-2016-2324-cve-2016-2315/
Change-Id: I8948b295030f2f498780777aa62a54f2337518b5
Diffstat (limited to 'strata/openstack-common')
0 files changed, 0 insertions, 0 deletions