CVE-2017-8386

Priority
Medium
Description
git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7,
2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before
2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote
authenticated users to gain privileges via a repository name that starts
with a - (dash) character.
References
Notes
 tyhicks> Per upstream advisory, 1.6.1 is the earliest version affected
Assigned-to
mdeslaur
Package
Source: git (LP Ubuntu Debian)
Upstream:released (1:2.11.0-3)
Ubuntu 17.10 (Artful Aardvark):not-affected (1:2.11.0-3)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):released (1:1.9.1-1ubuntu0.5)
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (1:2.7.4-0ubuntu1.1)
Ubuntu 17.04 (Zesty Zapus):released (1:2.11.0-2ubuntu0.1)
Patches:
Upstream:https://git.kernel.org/pub/scm/git/git.git/commit/?id=3ec804490a265f4c418a321428c12f3f18b7eff5
More Information

Updated: 2017-08-11 23:56:00 UTC (commit 13081)