← Back to team overview

ubuntu-phone team mailing list archive

Re: Critical Git Vulnerability

 

Am Montag, 22. Dezember 2014 schrieb Rodney Dawes :
> I am pretty sure we do not ship a git client on the phone image.

Yes, the git binary isn't included at all. Moreover, it cannot even be
installed from the rtm repos.

> So why did you add ubuntu-phone to the cc in your reply? The thread on
> ubuntu-devel-discuss (where it belongs) seems have a useful conclusion
> without needing to cross-post to unrelated lists. Appreciate the desire
> to get it fixed, but you don't need to spam another list to garner more
> support for doing so. It's already being fixed.
>
>
>
> On Sun, 2014-12-21 at 08:32 -0800, Joshua Anderson wrote:
>> It is a vulnerability on caps insensitive file systems, which mostly
>> affects Windows and Mac OS X but can affect Linux too, depending on
>> the filesystem used. It would be great to see this fixed.
>>
>> git is at:
>>
>> Vivid: 2.1.3
>> Utopic: 2.1.0
>> Trusty: 1.9.1
>> Precise: 1.7.9
>>
>> -- Joshua Anderson
>>
>> On Dec 21, 2014 5:21 AM, "Colin Law" <clanlaw@xxxxxxxxx> wrote:
>>         On 21 December 2014 at 00:45, Alex Oh <alexoh86@xxxxxxxxx>
>>         wrote:
>>         >
>>
http://git-blame.blogspot.com.es/2014/12/git-1856-195-205-214-and-221-and.html
>>         >
>>         > There is a vulnerability with git pull. Would be great if
>>         the git package
>>         > can be updated to version 2.2.1.
>>
>>         The link suggests it is only relevant on Win and OS X, or do I
>>         misinterpret it?
>>
>>         Colin
>>
>>         --
>>         Ubuntu-devel-discuss mailing list
>>         Ubuntu-devel-discuss@xxxxxxxxxxxxxxxx
>>         Modify settings or unsubscribe at:
>>         https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
>
>
>
> --
> Mailing list: https://launchpad.net/~ubuntu-phone
> Post to     : ubuntu-phone@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~ubuntu-phone
> More help   : https://help.launchpad.net/ListHelp
>

References