PublicDateAtUSN: 2016-03-16
Candidate: CVE-2016-2315
PublicDate: 2016-04-08 14:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2315
 http://www.openwall.com/lists/oss-security/2016/03/16/2
 https://ubuntu.com/security/notices/USN-2938-1
Description:
 revision.c in git before 2.7.4 uses an incorrect integer data type, which
 allows remote attackers to execute arbitrary code via a (1) long filename
 or (2) many nested trees, leading to a heap-based buffer overflow.
Ubuntu-Description:
Notes:
Bugs:
 https://launchpad.net/bugs/1557787
 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818318
 https://bugzilla.novell.com/show_bug.cgi?id=971328
Priority: high
Discovered-by: Laël Cellier
Assigned-to: tyhicks
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_git:
 upstream: https://github.com/git/git/commit/34fa79a6cde56d6d428ab0d3160cb094ebad3305
upstream_git: released (2.7.0)
precise_git: released (1:1.7.9.5-1ubuntu0.3)
trusty_git: released (1:1.9.1-1ubuntu0.3)
trusty/esm_git: DNE (trusty was released [1:1.9.1-1ubuntu0.3])
vivid/stable-phone-overlay_git: DNE
vivid/ubuntu-core_git: DNE
wily_git: released (1:2.5.0-1ubuntu0.2)
devel_git: released (1:2.7.3-0ubuntu1)