PublicDateAtUSN: 2018-10-06
Candidate: CVE-2018-17456
PublicDate: 2018-10-06 14:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17456
 https://public-inbox.org/git/xmqqy3bcuy3l.fsf@gitster-ct.c.googlers.com/
 https://ubuntu.com/security/notices/USN-3791-1
Description:
 Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x
 before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote
 code execution during processing of a recursive "git clone" of a
 superproject if a .gitmodules file has a URL field beginning with a '-'
 character.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]


Patches_git:
 upstream: https://git.kernel.org/pub/scm/git/git.git/commit/?id=98afac7a7cefdca0d2c4917dd8066a59f7088265
 upstream: https://git.kernel.org/pub/scm/git/git.git/commit/?id=f6adec4e329ef0e25e14c63b735a5956dc67b8bc
 upstream: https://git.kernel.org/pub/scm/git/git.git/commit/?id=273c61496f88c6495b886acb1041fe57965151da
 upstream: https://git.kernel.org/pub/scm/git/git.git/commit/?id=a124133e1e6ab5c7a9fef6d0e6bcb084e3455b46
 upstream: https://git.kernel.org/pub/scm/git/git.git/commit/?id=1a7fd1fb2998002da6e9ff2ee46e1bdd25ee8404
upstream_git: released (1:2.19.1-1)
precise/esm_git: DNE
trusty_git: released (1:1.9.1-1ubuntu0.9)
trusty/esm_git: DNE (trusty was released [1:1.9.1-1ubuntu0.9])
xenial_git: released (1:2.7.4-0ubuntu1.5)
esm-infra/xenial_git: released (1:2.7.4-0ubuntu1.5)
bionic_git: released (1:2.17.1-1ubuntu0.3)
devel_git: released (1:2.19.1-1ubuntu1)