[bluewhite64-security] git (BW64SA:20090221-02)
Hash: SHA1
[bluewhite64-security] git (BW64SA:20090221-02)
New git packages are available for Bluewhite64 12.0, 12.1, 12.2, and -current to
fix security issues.
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3546
There are other security issues related to gitweb, which Bluewhite64 does not
ship, but could be added to a Bluewhite64 install. These problems are also
fixed with this update. The CVE entries for the gitweb issues may be found
here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5516
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5517
Here are the details from the Bluewhite64 12.2 ChangeLog:
+--------------------------+
PATCHES/packages/git-1.6.1.3-x86_64-1.tgz: Upgraded to git-1.6.1.3.
This fixes a vulnerability where running git-diff or git-grep on a hostile
git repository would result in the execution of arbirary code as the git user.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3546
[*** Security fix ***]
+--------------------------+
Where to find the new packages:
+-----------------------------+
See the "Get Bluewhite64" section on http://www.bluewhite64.com for additional
mirror sites near you.
Updated package for Bluewhite64 12.0:
http://data.bluewhite64.com/bluewhite64-12.0/patches/packages/git-1.6.1.3-x86_64-1.tgz
Updated package for Bluewhite64 12.1:
http://data.bluewhite64.com/bluewhite64-12.1/patches/packages/git-1.6.1.3-x86_64-1.tgz
Updated package for Bluewhite64 12.2:
http://data.bluewhite64.com/bluewhite64-12.2/patches/packages/git-1.6.1.3-x86_64-1.tgz
Updated package for Bluewhite64 -current:
http://data.bluewhite64.com/bluewhite64-current/bluewhite64/d/git-1.6.1.3-x86_64-1.tgz
MD5 signatures:
+-------------+
Bluewhite64 12.0 package:
ab1265cf5104bdcf2f68a5968b8f0f53 git-1.6.1.3-x86_64-1.tgz
Bluewhite64 12.1 package:
d29bddc9c1054b3c11a350ea52c7da10 git-1.6.1.3-x86_64-1.tgz
Bluewhite64 12.2 package:
1ba88ebe4017ba956f8f82e38e5193e4 git-1.6.1.3-x86_64-1.tgz
Bluewhite64 -current package:
e6a9e100b3a769e862698ce656df3be6 git-1.6.1.3-x86_64-1.tgz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg git-1.6.1.3-x86_64-1.tgz
+-----+
Bluewhite64 Linux Security Team
http://bluewhite64.com/gpg-key
security©bluewhite64.com
+-------------------------------------------------------+
| To leave the bluewhite64-security mailing list:
+-------------------------------------------------------+
| Send a blank email to
|
| bluewhite64-security-unsubscribe©bluewhite64.com
|
| You will get a confirmation message back containing
| instructions to complete the process.
|
| Please do not reply to this email address.
+-------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkmf/aYACgkQpTOsxuDdlY6d0ACggA9C16OLkMFzzYULBFBhaQK4
GhUAnREnoqsSx+rzhrUgHm7zmkpWbVXi
=92fy
-----END PGP SIGNATURE-----