Advisories ยป MGASA-2016-0119

Updated git packages fix security vulnerability

Publication date: 25 Mar 2016
Modification date: 25 Mar 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-2315 , CVE-2016-2324

Description

There is a buffer overflow vulnerability possibly leading to remote code
execution in git. It can happen while pushing or cloning a repository with
a large filename or a large number of nested trees (CVE-2016-2315,
CVE-2016-2324).

The git package has been updated to version 2.7.4, which fixes this issue,
as well as several other bugs.

The cgit package bundles git, and its bundled copy of git has also been
updated to version 2.7.4.
                

References

SRPMS

5/core