CVE-2017-8386

Priority
Description
git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7,
2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before
2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote
authenticated users to gain privileges via a repository name that starts
with a - (dash) character.
Assigned-to
mdeslaur
Notes
tyhicksPer upstream advisory, 1.6.1 is the earliest version affected
Package
Source: git (LP Ubuntu Debian)
Upstream:released (1:2.11.0-3)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was released [1:1.9.1-1ubuntu0.5])
Ubuntu 16.04 LTS (Xenial Xerus):released (1:2.7.4-0ubuntu1.1)
Patches:
Upstream:https://git.kernel.org/pub/scm/git/git.git/commit/?id=3ec804490a265f4c418a321428c12f3f18b7eff5
More Information

Updated: 2020-03-18 22:50:40 UTC (commit 2ea7df7bd1e69e1e489978d2724a936eb3faa1b8)