Package: git-core
Version: 1.5.0.2-1
Severity: grave
Tags: security

The relevant commits are, as far as I know:

commit eecc8367f4eaafc8449fc08c4e33f3f8ac474469
Author: Eygene Ryabinkin <[EMAIL PROTECTED]>
Date:   Thu Mar 1 19:09:12 2007 +0300

    Another memory overrun in http-push.c

    Use of strlcpy() is wrong, as the source buffer at these
    locations may not be NUL-terminated.

commit 2c46759db757eb742590e8547cb0c63e8bdb1da1
Author: Eygene Ryabinkin <[EMAIL PROTECTED]>
Date:   Wed Feb 28 12:12:02 2007 -0800

    http-push.c::lock_remote(): validate all remote refs.

    Starting from offset 11 might have been good back when it was only
    used for updating "refs/heads/*", but it is used to update
    "info/refs" and "refs/tags/*" as well.

    Signed-off-by: Junio C Hamano <[EMAIL PROTECTED]>
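
The first commit message says strlcpy() is wrong when the source may not be NUL-terminated. The following C sketch is an added example, not code from git or from the report; it shows why, next to a copy that takes the source length. `model_strlcpy`, `copy_counted` and the `wire` buffer are hypothetical names with constructed data, and the counted field sits inside one larger array so the over-scan is observable without undefined behaviour.

```c
#include <stdio.h>
#include <string.h>

/* Model of strlcpy() semantics (written here, not taken from any libc):
 * copy at most dstsize-1 bytes, NUL-terminate, return strlen(src).
 * The return value forces a scan of src up to its NUL, whatever dstsize is. */
static size_t model_strlcpy(char *dst, const char *src, size_t dstsize)
{
    size_t srclen = strlen(src);              /* reads until a NUL is found */
    if (dstsize) {
        size_t n = srclen < dstsize - 1 ? srclen : dstsize - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* Length-aware copy: never touches more than srclen bytes of src. */
static size_t copy_counted(char *dst, size_t dstsize,
                           const char *src, size_t srclen)
{
    size_t n;
    if (!dstsize)
        return 0;
    n = srclen < dstsize - 1 ? srclen : dstsize - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return n;
}

/* Constructed input: a 16-byte counted field with no terminator of its own,
 * followed by unrelated bytes that belong to something else. */
#define FIELD_LEN 16
static const char wire[] = "refs/heads/topicNEXT-FIELD-DATA";

int main(void)
{
    char out[64];
    size_t scanned = model_strlcpy(out, wire, sizeof out);
    printf("strlcpy model: scanned %zu bytes, got \"%s\"\n", scanned, out);
    size_t copied = copy_counted(out, sizeof out, wire, FIELD_LEN);
    printf("counted copy:  copied %zu bytes, got \"%s\"\n", copied, out);
    return 0;
}
```

With a real unterminated buffer the scan does not stop at a neighbouring field; it runs off the end of the allocation, which is the memory overrun the commit title refers to.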