MGASA-2016-0119

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2016-0119.html

Import Source

https://advisories.mageia.org/MGASA-2016-0119.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2016-0119

Related

Published

2016-03-25T06:38:37Z

Modified

2016-03-25T06:20:49Z

Summary

Updated git packages fix security vulnerability

Details

There is a buffer overflow vulnerability possibly leading to remote code execution in git. It can happen while pushing or cloning a repository with a large filename or a large number of nested trees (CVE-2016-2315, CVE-2016-2324).

The git package has been updated to version 2.7.4, which fixes this issue, as well as several other bugs.

The cgit package bundles git, and its bundled copy of git has also been updated to version 2.7.4.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:5 / git

Package

Name: git
Purl: pkg:rpm/mageia/git?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.7.4-1.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:5 / cgit

Package

Name: cgit
Purl: pkg:rpm/mageia/cgit?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.12-1.2.mga5

Ecosystem specific

{
    "section": "core"
}