A malicious third-party can give a crafted "ssh://..." URL to an
unsuspecting victim, and an attempt to visit the URL can result in any
program that exists on the victim's machine being executed. Such a URL
could be placed in the .gitmodules file of a malicious project, and an
unsuspecting victim could be tricked into running "git clone
--recurse-submodules" to trigger the vulnerability.
Brian Neel, Joern Schneeweisz, and Jeff King discovered that Git did
not properly handle host names in 'ssh://' URLs. A remote attacker
could use this to construct a git repository that when accessed
could run arbitrary code with the privileges of the user.
Source: git (LP Ubuntu Debian)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):released (1:1.9.1-1ubuntu0.6)
Ubuntu 16.04 LTS (Xenial Xerus):released (1:2.7.4-0ubuntu1.2)
More Information

Updated: 2018-10-22 14:12:30 UTC (commit 03ef231d584286304e54ae60f0de485bd42f2da8)