CVE-2008-3546
Published: 7 August 2008
Stack-based buffer overflow in the (1) diff_addremove and (2) diff_change functions in GIT before 1.5.6.4 might allow local users to execute arbitrary code via a PATH whose length is larger than the system's PATH_MAX when running GIT utilities such as git-diff or git-grep.
Priority
Status
Package | Release | Status |
---|---|---|
git-core Launchpad, Ubuntu, Debian |
dapper |
Released
(1.1.3-1ubuntu1.1)
|
feisty |
Ignored
(end of life, was needed)
|
|
gutsy |
Released
(1:1.5.2.5-2ubuntu0.1)
|
|
hardy |
Released
(1:1.5.4.3-1ubuntu2.1)
|
|
intrepid |
Released
(1:1.5.6.3-1.1ubuntu2.1)
|
|
upstream |
Released
(1:1.5.6.3-1.1)
|
|
Patches: upstream: http://git.kernel.org/?p=git/git.git;a=commitdiff;h=fd55a19 upstream: http://git.kernel.org/?p=git/git.git;a=commitdiff;h=620e2bb upstream: http://git.kernel.org/?p=git/git.git;a=commitdiff;h=f66cf96 vendor: http://patch-tracking.debian.net/package/git-core/1:1.4.4.4-4+etch1 |