Security update for git SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2017:1422-1 Final 1 1 2017-05-27T12:09:33Z current 2017-05-27T12:09:33Z 2017-05-27T12:09:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for git This update for git fixes the following issues: - git 2.12.3: * CVE-2017-8386: Fix git-shell not to escape with the starting dash name (bsc#1038395) * Fix for potential segv introduced in v2.11.0 and later * Misc fixes and cleanups. - git 2.12.2: * CLI output fixes * 'Dump http' transport fixes * various fixes for internal code paths * Trailer 'Cc:' RFC fix - git 2.12.1: * Reduce authentication round-trip over HTTP when the server supports just a single authentication method. * 'git add -i' patch subcommand fixed to have a path selection * various path verification fixes * fix 'git log -L...' buffer overrun This update was imported from the SUSE:SLE-12:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2017-05/msg00090.html E-Mail link for openSUSE-SU-2017:1422-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.2 git-2.12.3-5.6.1 git-arch-2.12.3-5.6.1 git-core-2.12.3-5.6.1 git-credential-gnome-keyring-2.12.3-5.6.1 git-cvs-2.12.3-5.6.1 git-daemon-2.12.3-5.6.1 git-doc-2.12.3-5.6.1 git-email-2.12.3-5.6.1 git-gui-2.12.3-5.6.1 git-svn-2.12.3-5.6.1 git-web-2.12.3-5.6.1 gitk-2.12.3-5.6.1 git-2.12.3-5.6.1 as a component of openSUSE Leap 42.2 git-arch-2.12.3-5.6.1 as a component of openSUSE Leap 42.2 git-core-2.12.3-5.6.1 as a component of openSUSE Leap 42.2 git-credential-gnome-keyring-2.12.3-5.6.1 as a component of openSUSE Leap 42.2 git-cvs-2.12.3-5.6.1 as a component of openSUSE Leap 42.2 git-daemon-2.12.3-5.6.1 as a component of openSUSE Leap 42.2 git-doc-2.12.3-5.6.1 as a component of openSUSE Leap 42.2 git-email-2.12.3-5.6.1 as a component of openSUSE Leap 42.2 git-gui-2.12.3-5.6.1 as a component of openSUSE Leap 42.2 git-svn-2.12.3-5.6.1 as a component of openSUSE Leap 42.2 git-web-2.12.3-5.6.1 as a component of openSUSE Leap 42.2 gitk-2.12.3-5.6.1 as a component of openSUSE Leap 42.2 git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character. CVE-2017-8386 openSUSE Leap 42.2:git-2.12.3-5.6.1 openSUSE Leap 42.2:git-arch-2.12.3-5.6.1 openSUSE Leap 42.2:git-core-2.12.3-5.6.1 openSUSE Leap 42.2:git-credential-gnome-keyring-2.12.3-5.6.1 openSUSE Leap 42.2:git-cvs-2.12.3-5.6.1 openSUSE Leap 42.2:git-daemon-2.12.3-5.6.1 openSUSE Leap 42.2:git-doc-2.12.3-5.6.1 openSUSE Leap 42.2:git-email-2.12.3-5.6.1 openSUSE Leap 42.2:git-gui-2.12.3-5.6.1 openSUSE Leap 42.2:git-svn-2.12.3-5.6.1 openSUSE Leap 42.2:git-web-2.12.3-5.6.1 openSUSE Leap 42.2:gitk-2.12.3-5.6.1 moderate 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-05/msg00090.html https://www.suse.com/security/cve/CVE-2017-8386.html CVE-2017-8386 https://bugzilla.suse.com/1038395 SUSE Bug 1038395