ELA-205-1 git security update

multiple vulnerabilities

2020-01-07
Packagegit
Version1:1.7.10.4-1+wheezy8
Related CVE CVE-2019-1348 CVE-2019-1349 CVE-2019-1387

Several vulnerabilities have been discovered in git, a fast, scalable, distributed revision control system.

CVE-2019-1348

It was reported that the --export-marks option of git fast-import is
exposed also via the in-stream command feature export-marks=...,
allowing to overwrite arbitrary paths.

CVE-2019-1387

It was discovered that submodule names are not validated strictly
enough, allowing very targeted attacks via remote code execution
when performing recursive clones.

For Debian 7 Wheezy, these problems have been fixed in version 1:1.7.10.4-1+wheezy8.

We recommend that you upgrade your git packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/