CVE-2017-15298

Priority
Description
Git through 2.14.2 mishandles layers of tree objects, which allows remote
attackers to cause a denial of service (memory consumption) via a crafted
repository, aka a Git bomb. This can also have an impact of disk
consumption; however, an affected process typically would not survive its
attempt to build the data structure in memory before writing to disk.
Package
Source: git (LP Ubuntu Debian)
Upstream: released (2.16.0)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 LTS (Trusty Tahr): released (1:1.9.1-1ubuntu0.10)
Ubuntu 16.04 LTS (Xenial Xerus): released (1:2.7.4-0ubuntu1.6)
Ubuntu 18.04 LTS (Bionic Beaver): not-affected (1:2.17.0-1ubuntu1)
Ubuntu 18.10 (Cosmic Cuttlefish): not-affected (1:2.17.0-1ubuntu1)
Ubuntu 19.04 (Disco Dingo): not-affected (1:2.17.0-1ubuntu1)
Patches:
Upstream: https://git.kernel.org/pub/scm/git/git.git/commit/?id=a937b37e76

Updated: 2018-11-28 12:14:54 UTC (commit 76f9a83b254dc3905de1034f4c3fe4a588a203e0)