Message-ID: <Pine.GSO.4.51.0808071640440.25461@faron.mitre.org>
Date: Thu, 7 Aug 2008 16:40:56 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE id request: git



======================================================
Name: CVE-2008-3546
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3546
Reference: MLIST:[git] 20080716 [PATCH] Fix buffer overflow in git diff
Reference: URL:http://kerneltrap.org/mailarchive/git/2008/7/16/2529284
Reference: CONFIRM:http://www.kernel.org/pub/software/scm/git/docs/RelNotes-1.5.6.4.txt
Reference: BID:30549
Reference: URL:http://www.securityfocus.com/bid/30549
Reference: FRSIRT:ADV-2008-2306
Reference: URL:http://www.frsirt.com/english/advisories/2008/2306
Reference: SECTRACK:1020627
Reference: URL:http://www.securitytracker.com/id?1020627
Reference: SECUNIA:31347
Reference: URL:http://secunia.com/advisories/31347

Stack-based buffer overflow in the (1) diff_addremove and (2)
diff_change functions in GIT before 1.5.6.4 might allow local users to
execute arbitrary code via a PATH whose length is larger than the
system's PATH_MAX when running GIT utilities such as git-diff or
git-grep.


