[SECURITY] [DSA 3521-1] git security update

2016-03-1915:11:45

lists.debian.org

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.115 Low

EPSS

Percentile

95.2%

JSON

Debian Security Advisory DSA-3521-1 [email protected]
https://www.debian.org/security/ Salvatore Bonaccorso
March 19, 2016 https://www.debian.org/security/faq

Package : git
CVE ID : CVE-2016-2315 CVE-2016-2324
Debian Bug : 818318

Lael Cellier discovered two buffer overflow vulnerabilities in git, a
fast, scalable, distributed revision control system, which could be
exploited for remote execution of arbitrary code.

For the oldstable distribution (wheezy), these problems have been fixed
in version 1:1.7.10.4-1+wheezy3.

For the stable distribution (jessie), these problems have been fixed in
version 1:2.1.4-2.1+deb8u2.

For the unstable distribution (sid), these problems have been fixed in
version 1:2.8.0~rc3-1. CVE-2016-2315 was already fixed in version
1:2.7.0-1.

We recommend that you upgrade your git packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian8i386git< 1:2.1.4-2.1+deb8u2git_1:2.1.4-2.1+deb8u2_i386.deb
Debian7allgit-email< 1:1.7.10.4-1+wheezy3git-email_1:1.7.10.4-1+wheezy3_all.deb
Debian7s390git< 1:1.7.10.4-1+wheezy3git_1:1.7.10.4-1+wheezy3_s390.deb
Debian7i386git< 1:1.7.10.4-1+wheezy3git_1:1.7.10.4-1+wheezy3_i386.deb
Debian8allgit-all< 1:2.1.4-2.1+deb8u2git-all_1:2.1.4-2.1+deb8u2_all.deb
Debian8allgit-arch< 1:2.1.4-2.1+deb8u2git-arch_1:2.1.4-2.1+deb8u2_all.deb
Debian7allgitweb< 1:1.7.10.4-1+wheezy3gitweb_1:1.7.10.4-1+wheezy3_all.deb
Debian8allgit-daemon-sysvinit< 1:2.1.4-2.1+deb8u2git-daemon-sysvinit_1:2.1.4-2.1+deb8u2_all.deb
Debian7mipsgit< 1:1.7.10.4-1+wheezy3git_1:1.7.10.4-1+wheezy3_mips.deb
Debian7allgit-man< 1:1.7.10.4-1+wheezy3git-man_1:1.7.10.4-1+wheezy3_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	i386	git	< 1:2.1.4-2.1+deb8u2	git_1:2.1.4-2.1+deb8u2_i386.deb
Debian	7	all	git-email	< 1:1.7.10.4-1+wheezy3	git-email_1:1.7.10.4-1+wheezy3_all.deb
Debian	7	s390	git	< 1:1.7.10.4-1+wheezy3	git_1:1.7.10.4-1+wheezy3_s390.deb
Debian	7	i386	git	< 1:1.7.10.4-1+wheezy3	git_1:1.7.10.4-1+wheezy3_i386.deb
Debian	8	all	git-all	< 1:2.1.4-2.1+deb8u2	git-all_1:2.1.4-2.1+deb8u2_all.deb
Debian	8	all	git-arch	< 1:2.1.4-2.1+deb8u2	git-arch_1:2.1.4-2.1+deb8u2_all.deb
Debian	7	all	gitweb	< 1:1.7.10.4-1+wheezy3	gitweb_1:1.7.10.4-1+wheezy3_all.deb
Debian	8	all	git-daemon-sysvinit	< 1:2.1.4-2.1+deb8u2	git-daemon-sysvinit_1:2.1.4-2.1+deb8u2_all.deb
Debian	7	mips	git	< 1:1.7.10.4-1+wheezy3	git_1:1.7.10.4-1+wheezy3_mips.deb
Debian	7	all	git-man	< 1:1.7.10.4-1+wheezy3	git-man_1:1.7.10.4-1+wheezy3_all.deb