oss-sec mailing list archives
CVE for git issue - please use CVE-2015-7545
From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 8 Dec 2015 07:47:21 -0700
With apologies, I can't find the original http://seclists.org/oss-sec/2015/q4/37 in my mailbox (3+ months old) but we've now shipped advisories, had several people ask and not gotten a CVE yet so here it is: CVE-2015-7545 Git: Some protocols (like git-remote-ext) can execute arbitrary code found in the URL The other HTTP redirect/protocol issues don't seem to be security issues per se (unexpected/annoying yes, but I can't think of any real security impact). -- -- Kurt Seifried -- Red Hat -- Product Security -- Cloud PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 Red Hat Product Security contact: secalert () redhat com
Current thread:
- CVE for git issue - please use CVE-2015-7545 Kurt Seifried (Dec 08)
- RE: CVE for git issue - please use CVE-2015-7545 Evans, Jonathan L. (Dec 09)
- Re: CVE for git issue - please use CVE-2015-7545 Kurt Seifried (Dec 09)
- Re: CVE for git issue - please use CVE-2015-7545 cve-assign (Dec 11)
- RE: CVE for git issue - please use CVE-2015-7545 Evans, Jonathan L. (Dec 09)