ELA-205-1 git security update

multiple vulnerabilities

Related CVE CVE-2019-1348 CVE-2019-1349 CVE-2019-1387

Several vulnerabilities have been discovered in git, a fast, scalable, distributed revision control system.


It was reported that the --export-marks option of git fast-import is
exposed also via the in-stream command feature export-marks=...,
allowing to overwrite arbitrary paths.


It was discovered that submodule names are not validated strictly
enough, allowing very targeted attacks via remote code execution
when performing recursive clones.

For Debian 7 Wheezy, these problems have been fixed in version 1:

We recommend that you upgrade your git packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/