CVE-2017-8386

Priority
Medium
Description
"git shell" may allow a user who comes over SSH to run an interactive pager by
causing it to spawn "git upload-pack --help"
References
Notes
 tyhicks> Per upstream advisory, 1.6.1 is the earliest version affected
Assigned-to
mdeslaur
Package
Source: git (LP Ubuntu Debian)
Upstream:released (1:2.11.0-3)
Ubuntu 17.10 (Artful Aardvark):not-affected (1:2.11.0-3)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):released (1:1.9.1-1ubuntu0.5)
Ubuntu Touch 15.04:DNE
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (1:2.7.4-0ubuntu1.1)
Ubuntu 16.10 (Yakkety Yak):released (1:2.9.3-1ubuntu0.1)
Ubuntu 17.04 (Zesty Zapus):released (1:2.11.0-2ubuntu0.1)
Patches:
Upstream:https://git.kernel.org/pub/scm/git/git.git/commit/?id=3ec804490a265f4c418a321428c12f3f18b7eff5
More Information

Updated: 2017-05-15 14:14:35 UTC (commit 12551)