Package: git-core
Version: 1:1.6.3.1-1
Severity: grave
Tags: security patch

Hi,

The following SA (Secunia Advisory) id was published for git:

SA35437[1]:

Description:
A vulnerability has been reported in Git, which can be exploited by malicious 
people to cause a DoS (Denial of Service).

The vulnerability is caused due to an infinite loop when parsing certain 
additional request parameters. This can be exploited to cause a high CPU load 
by sending specially crafted requests to an affected git-daemon.

The vulnerability is reported in versions 1.4.4.5 through 1.6.3.2. Other 
versions may also be affected.



Solution:
Fixed in the Git repository.[2]

Provided and/or discovered by:
Shawn O. Pearce

If you fix the vulnerability, please also make sure to include the CVE id
(if it will be available) in the changelog entry.


For further information see:

[1] http://secunia.com/advisories/35437/
[2] http://git.kernel.org/?p=git/git.git;a=commitdiff;h=73bb33a9

    https://www.redhat.com/archives/fedora-security-list/2009-June/msg00000.html

Cheers,
Giuseppe.



