Skip to main content

Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

    •  
      request #8959 Remote command execution in Git versions before 2.7.4
    Actions
    Infos
    #8959
    Thomas Gerbet (tgerbet)
    2016-03-29 15:27
    2016-03-16 09:13
    9063
    Details
    Remote command execution in Git versions before 2.7.4

    Two vulnerabilities have been found in Git.
    Impact

    An attacker could use these vulnerabilities to execute arbitrary commands through Git, both server and client side are concerned.

    Tuleap is concerned by the issue as Git is directly used. Also note, git19 is provided by the Tuleap repo.

    References

    CVE-2016-2324
    CVE-2016-2315
    http://seclists.org/oss-sec/2016/q1/645

    SCM/Git
    All
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Empty
    Closed
    2016-03-29
    Attachments
    Artifact links
    Empty
    Empty
    References
    Referencing request #8959

    Artifact Tracker v5

    rel #8869 8.13
    Display settings

    Follow-ups

    User avatar
    Nouha Terzi (terzino)2016-03-29 15:27
    Hello,

    Does it mean we should upgrade git version?

    Thank you for you support.
    User avatar
    Thomas Gerbet (tgerbet)2016-03-29 15:25
    Git packages in the Tuleap repo are now up to date.
    • Status changed from Under implementation to Closed
    • Close date set to 2016-03-29
    User avatar
    Thomas Gerbet (tgerbet)2016-03-18 12:36
    Version 2.7.1, 2.7.2 and 2.7.3 of Git are also impacted. Version 2.7.4 have been released to fix the issues.

    https://marc.info/?l=git&m=145824889421350
    • Summary
      -Remote command execution in Git versions before 2.7.1 
      +Remote command execution in Git versions before 2.7.4 
    • Original Submission
      Something went wrong, the follow up content couldn't be loaded
      Only formatting have been changed, you should switch to markup to see the changes