7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
68.2%
Sebastian Harl uploaded new packages for git, a popular distributed
revision control system, which fixed the following security problem:
CVE-2010-2542, Debian BTS #590026
A buffer overrun was found in the way Git sanitized path of a git
directory. If a local attacker would create a specially-crafted
working copy and trick the local user into running any git command, it
could lead to arbitrary code execution with the privileges of the user
running the Git command.
For the lenny-backports distribution the problem has been fixed in
version 1:1.7.1-1.1~bpo50+1.
For the stable distribution (lenny), this problem has been fixed in
version 1:1.5.6.5-3+lenny3.1.
For the testing and unstable distributions (squeeze and sid) the
problem has been fixed in version 1:1.7.1-1.1.
If you don't use pinning (see [1]) you have to update the package
manually via "apt-get -t lenny-backports install <packagelist>" with the
packagelist of your installed packages affected by this update.
[1] http://backports.org/dokuwiki/doku.php?id=instructions
We recommend to pin the backports repository to 200 so that new versions
of installed backports will be installed automatically.
Package: *
Pin: release a=lenny-backports
Pin-Priority: 200
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 6 | all | git, | < 1:1.7.1-1.1 | git,_1:1.7.1-1.1_all.deb |
Debian | 5 | all | git, | < 1:1.5.6.5-3+lenny3.1 | git,_1:1.5.6.5-3+lenny3.1_all.deb |