[Git][security-tracker-team/security-tracker][master] Update information on CVE-2017-15298/git
Salvatore Bonaccorso
carnil at debian.org
Tue Dec 10 20:55:03 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1384a946 by Salvatore Bonaccorso at 2019-12-10T20:54:13Z
Update information on CVE-2017-15298/git
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -121155,9 +121155,10 @@ CVE-2017-15299 (The KEYS subsystem in the Linux kernel through 4.13.7 mishandles
[jessie] - linux 3.16.51-1
NOTE: Fixed by: https://git.kernel.org/linus/60ff5b2f547af3828aebafd54daded44cfb0807a (4.14-rc6)
CVE-2017-15298 (Git through 2.14.2 mishandles layers of tree objects, which allows rem ...)
- - git <unfixed> (unimportant)
+ - git 1:2.16.1-1 (unimportant)
NOTE: https://kate.io/blog/git-bomb/
NOTE: https://github.com/Katee/git-bomb
+ NOTE: https://git.kernel.org/pub/scm/git/git.git/commit/?id=a937b37e766479c8e780b17cce9c4b252fd97e40
NOTE: No practical security implications
CVE-2017-15297 (SAP Hostcontrol does not require authentication for the SOAP SAPContro ...)
NOT-FOR-US: SAP
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1384a9464550a0b1ec8328190e4d33c9281661f5
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1384a9464550a0b1ec8328190e4d33c9281661f5
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191210/a3774012/attachment.html>
More information about the debian-security-tracker-commits
mailing list