CVE-2014-9390

Priority
Description
[arbitrary command execution vulnerability on case-insensitive file
systems]
Notes
 kees> This CVE is about the git VCS. The "git" from hardy and earlier is
  not what was "git-core".
 jdstrand> Maverick and later renamed 'git-core' to 'git', so 'git' in these
  releases does refer to git VCS.
 jdstrand> initially marked 'low' since default filesystems on Ubuntu are
  case-sensitive, however file servers serving these reopositories to clients
  need to be patched, so upping to medium
 tyhicks> git upstream fixed a minor regression in the HFS+ .git filtering with
  commit 6aaf956b
Assigned-to
tyhicks
Package
Source: git (LP Ubuntu Debian)
Upstream:released (1:2.1.4-2)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was released [1:1.7.9.5-1ubuntu0.1])
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was released [1:1.9.1-1ubuntu0.1])
Ubuntu 16.04 LTS (Xenial Xerus):released (1:2.1.4-2)
Ubuntu 18.04 LTS (Bionic Beaver):released (1:2.1.4-2)
Ubuntu 18.10 (Cosmic Cuttlefish):released (1:2.1.4-2)
Ubuntu 19.04 (Disco Dingo):released (1:2.1.4-2)
Ubuntu 19.10 (Eoan):released (1:2.1.4-2)
Patches:
Upstream:https://git.kernel.org/cgit/git/git.git/commit/?id=4616918013bf4fb3ce61175702d963a1fdd87f84
Upstream:https://git.kernel.org/cgit/git/git.git/commit/?id=96b50cc19003d54f5962d65597c94e2c52eb22e7
Upstream:https://git.kernel.org/cgit/git/git.git/commit/?id=cc2fc7c2f07c4a2aba5a653137ac9b489e05df43
Upstream:https://git.kernel.org/cgit/git/git.git/commit/?id=450870cba7a9bac94b5527021800bd8bf037c99c
Upstream:https://git.kernel.org/cgit/git/git.git/commit/?id=76e86fc6e3523d28e8db00e7b10c33c553d996b8
Upstream:https://git.kernel.org/cgit/git/git.git/commit/?id=6162a1d323d24fd8cbbb1a6145a91fb849b2568f
Upstream:https://git.kernel.org/cgit/git/git.git/commit/?id=a42643aa8d88a2278acad2da6bc702e426476e9b
Upstream:https://git.kernel.org/cgit/git/git.git/commit/?id=a18fcc9ff22b714e7df30c400c05542f52830eb0
Upstream:https://git.kernel.org/cgit/git/git.git/commit/?id=1d1d69bc52dcc7def5b2edbd165cc0a4e3911c8e
Upstream:https://git.kernel.org/cgit/git/git.git/commit/?id=2b4c6efc82119ba8f4169717473d95d1a89e4c69
Upstream:https://git.kernel.org/cgit/git/git.git/commit/?id=d08c13b947335cc48ecc1a8453d97b7147c2d6d6
Upstream:https://git.kernel.org/cgit/git/git.git/commit/?id=6aaf956b08cfab2dcaa1a1afe4192390d0ef14fd
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Source: jgit (LP Ubuntu Debian)
Upstream:released (3.7.0-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was needed)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (3.7.1-2)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (3.7.1-2)
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected (3.7.1-2)
Ubuntu 19.04 (Disco Dingo):not-affected (3.7.1-2)
Ubuntu 19.10 (Eoan):not-affected (3.7.1-2)
Package
Upstream:released (0.21.1-3)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):needed
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (0.24.1-2)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (0.24.1-2)
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected (0.24.1-2)
Ubuntu 19.04 (Disco Dingo):not-affected (0.24.1-2)
Ubuntu 19.10 (Eoan):not-affected (0.24.1-2)
Package
Upstream:released (3.1.2-2)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was released [2.0.2-1ubuntu1.2])
Ubuntu 14.04 ESM (Trusty Tahr):released ([2.8.2-1ubuntu1.3])
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (3.1.2-2)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (3.1.2-2)
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected (3.1.2-2)
Ubuntu 19.04 (Disco Dingo):not-affected (3.1.2-2)
Ubuntu 19.10 (Eoan):not-affected (3.1.2-2)
Patches:
Upstream:http://selenic.com/repo/hg-stable/rev/035434b407be (pt0)
Upstream:http://selenic.com/repo/hg-stable/rev/885bd7c5c7e3 (pt1)
Upstream:http://selenic.com/repo/hg-stable/rev/c02a05cc6f5e (pt2)
Upstream:http://selenic.com/repo/hg-stable/rev/7a5bcd471f2e (pt3)
Upstream:http://selenic.com/repo/hg-stable/rev/6dad422ecc5a (pt4)
More Information

Updated: 2019-05-15 17:14:40 UTC (commit 2d71aefac924bf16479c12958688c37878e881eb)