Back to bug 1317981

Who When What Removed Added
Andrej Nemec 2016-03-15 16:49:54 UTC Depends On 1317982
Andrej Nemec 2016-03-15 16:50:04 UTC Depends On 1317983
Andrej Nemec 2016-03-15 16:57:09 UTC Blocks 1317984
Salvatore Bonaccorso 2016-03-15 18:21:14 UTC CC carnil
Christian Stadelmann 2016-03-16 09:30:31 UTC CC rhbz
Andrej Nemec 2016-03-16 10:02:44 UTC Whiteboard impact=important,public=20160306,reported=20160315,source=gentoo,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-122,fedora-all/git=notaffected,epel-5/git=affected,rhel-6/git=affected,rhel-7/git=affected,openshift-1/git=affected impact=important,public=20160306,reported=20160315,source=gentoo,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-122,fedora-all/git=affected,epel-5/git=affected,rhel-6/git=affected,rhel-7/git=affected,openshift-1/git=affected
Andrej Nemec 2016-03-16 10:05:26 UTC Depends On 1318220
Clifford Perry 2016-03-16 10:33:07 UTC CC cperry
Andrej Nemec 2016-03-16 10:47:18 UTC Whiteboard impact=important,public=20160306,reported=20160315,source=gentoo,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-122,fedora-all/git=affected,epel-5/git=affected,rhel-6/git=affected,rhel-7/git=affected,openshift-1/git=affected impact=important,public=20160306,reported=20160315,source=gentoo,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-122,fedora-all/git=affected,epel-5/git=affected,rhel-6/git=affected,rhel-7/git=affected,openshift-1/git=affected,rhscl-2/git19=affected
Andrej Nemec 2016-03-16 10:47:29 UTC CC jorton, mmaslano
Tomas Hoger 2016-03-16 10:59:26 UTC Whiteboard impact=important,public=20160306,reported=20160315,source=gentoo,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-122,fedora-all/git=affected,epel-5/git=affected,rhel-6/git=affected,rhel-7/git=affected,openshift-1/git=affected,rhscl-2/git19=affected impact=important,public=20160306,reported=20160315,source=gentoo,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-122,rhel-6/git=affected,rhel-7/git=affected,rhscl-2/git19-git=affected,openshift-1/git=affected,fedora-all/git=affected,epel-5/git=affected
Stefan Cornelius 2016-03-16 11:14:24 UTC Depends On 1318252
Stefan Cornelius 2016-03-16 11:14:28 UTC Depends On 1318253
Stefan Cornelius 2016-03-16 11:14:33 UTC Depends On 1318254
Stefan Cornelius 2016-03-16 11:14:37 UTC Depends On 1318255
Stefan Cornelius 2016-03-16 11:14:41 UTC Depends On 1318256
Stefan Cornelius 2016-03-16 11:14:46 UTC Depends On 1318257
Pablo Iranzo Gómez 2016-03-16 13:05:12 UTC CC pablo.iranzo
Kent Engström 2016-03-16 13:21:57 UTC CC kent
Jarek Polok 2016-03-16 14:31:21 UTC CC jaroslaw.polok
Chris Robinson 2016-03-16 15:12:04 UTC CC crrobins
Thomas Gerbet 2016-03-16 18:58:58 UTC CC thomas.gerbet+redhat
James Boyle 2016-03-16 19:20:51 UTC CC unixi
Debra Fezza Reed 2016-03-16 21:48:30 UTC CC debra.fezzareed
Agostino Sarubbo 2016-03-17 20:22:40 UTC CC ratlaw
CC ago
Carl George 2016-03-17 21:44:12 UTC CC carl.george
David Woodhouse 2016-03-17 23:05:42 UTC CC dwmw2
Tomas Hoger 2016-03-18 14:05:18 UTC CC gagriogi
Fixed In Version git 2.7.1 git 2.4.11, git 2.5.5, git 2.6.6, git 2.7.4
Summary CVE-2016-2324 git: remote code execution via buffer overflow CVE-2016-2315 CVE-2016-2324 git: path_name() integer truncation and overflow leading to buffer overflow
Stefan Cornelius 2016-03-21 11:39:30 UTC Whiteboard impact=important,public=20160306,reported=20160315,source=gentoo,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-122,rhel-6/git=affected,rhel-7/git=affected,rhscl-2/git19-git=affected,openshift-1/git=affected,fedora-all/git=affected,epel-5/git=affected impact=important,public=20160306,reported=20160315,source=gentoo,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-131->CWE-122->CWE-190->CWE-194,rhel-6/git=affected,rhel-7/git=affected,rhscl-2/git19-git=affected,openshift-1/git=affected,fedora-all/git=affected,epel-5/git=affected
Stefan Cornelius 2016-03-21 15:15:24 UTC Comment 30 is private 1 0
Martin Prpič 2016-03-22 08:35:04 UTC Doc Text An integer truncation flaw and an integer overflow flaw were found in the way Git processed certain path information. A remote attacker could possibly exploit these flaws to cause a crash of the Git client or, possibly, execute arbitrary code with the privileges of the user running Git by pushing specially crafted data to a remote Git repository or tricking an unsuspecting user into cloning a malicious Git repository.
Sven Hoexter 2016-03-22 10:38:36 UTC CC sven
Paul Dwyer 2016-03-22 11:09:14 UTC CC pdwyer
Martin Prpič 2016-03-22 16:14:49 UTC Doc Text An integer truncation flaw and an integer overflow flaw were found in the way Git processed certain path information. A remote attacker could possibly exploit these flaws to cause a crash of the Git client or, possibly, execute arbitrary code with the privileges of the user running Git by pushing specially crafted data to a remote Git repository or tricking an unsuspecting user into cloning a malicious Git repository. An integer truncation flaw and an integer overflow flaw, both leading to a heap-based buffer overflow, were found in the way Git processed certain path information. A remote attacker could create a specially crafted Git repository that would cause a Git client or server to crash or, possibly, execute arbitrary code.
Adam Mariš 2016-03-23 14:20:58 UTC CC ahardy
Depends On 1320555
foudfou 2016-03-30 09:17:17 UTC CC foudilmusic
Tomas Hoger 2016-03-30 14:27:50 UTC Status NEW CLOSED
Resolution --- ERRATA
Last Closed 2016-03-30 10:27:50 UTC
Adam Mariš 2016-04-15 09:14:59 UTC CC amaris
Depends On 1327084
Debra Fezza Reed 2016-04-15 15:48:10 UTC CC debra.fezzareed
Christian Stadelmann 2016-04-22 10:04:54 UTC Depends On 1329591
Adam Mariš 2016-11-08 16:03:27 UTC CC amaris
Product Security DevOps Team 2019-09-29 13:45:56 UTC Whiteboard impact=important,public=20160306,reported=20160315,source=gentoo,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-131->CWE-122->CWE-190->CWE-194,rhel-6/git=affected,rhel-7/git=affected,rhscl-2/git19-git=affected,openshift-1/git=affected,fedora-all/git=affected,epel-5/git=affected
