Slackware64-13.0 ChangeLog (2017-08-11)

Fri Aug 11 23:02:43 UTC 2017

  • patches/packages/git-2.14.1-x86_64-1_slack13.0.txz
    Fixes security issues:
    A “ssh://…” URL can result in a “ssh” command line with a hostname that
    begins with a dash “-”, which would cause the “ssh” command to instead
    (mis)treat it as an option. This is now prevented by forbidding such a
    hostname (which should not impact any real-world usage).
    Similarly, when GIT_PROXY_COMMAND is configured, the command is run with
    host and port that are parsed out from “ssh://…” URL; a poorly written
    GIT_PROXY_COMMAND could be tricked into treating a string that begins with a
    dash “-” as an option. This is now prevented by forbidding such a hostname
    and port number (again, which should not impact any real-world usage).
    For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000117
    (* Security fix *)
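
The check described above, written out as an added example (not git's own code and not part of the original ChangeLog): it refuses a host or port that begins with a dash, both when split out of an ssh:// URL and when received as the two arguments of a GIT_PROXY_COMMAND. The function names and the simplified URL splitting are assumptions made for illustration.

```python
import sys

def looks_like_option(value):
    """True when a program would read this argument as an option."""
    return value.startswith("-")

def check_host_port(host, port=None):
    """Return a list of problems; an empty list means both values are acceptable."""
    problems = []
    if not host:
        problems.append("empty hostname")
    elif looks_like_option(host):
        problems.append("hostname begins with a dash")
    if port is not None:
        if looks_like_option(port):
            problems.append("port begins with a dash")
        elif not (port.isascii() and port.isdigit() and 0 < int(port) < 65536):
            problems.append("port is not a number in 1-65535")
    return problems

def split_ssh_url(url):
    """Split ssh://[user@]host[:port]/path into (host, port); simplified parser."""
    scheme, sep, rest = url.partition("://")
    if not sep or scheme.lower() != "ssh":
        raise ValueError("not an ssh:// URL")
    hostport = rest.split("/", 1)[0].rpartition("@")[2]  # drop path and user@
    if hostport.startswith("["):                          # bracketed IPv6 literal
        host, _, tail = hostport[1:].partition("]")
        port = tail[1:] if tail.startswith(":") else None
    else:
        host, sep, port = hostport.partition(":")
        port = port if sep else None
    return host, port or None

def check_ssh_url(url):
    """Problems with the host and port that an ssh:// URL would hand to ssh."""
    return check_host_port(*split_ssh_url(url))

if __name__ == "__main__":
    # Front end for a GIT_PROXY_COMMAND, which receives host and port as arguments.
    # Example values to try are constructed, e.g. "host.example 9418".
    if len(sys.argv) != 3:
        sys.exit("usage: check_proxy_args.py HOST PORT")
    found = check_host_port(sys.argv[1], sys.argv[2])
    if found:
        sys.exit("refusing to continue: " + "; ".join(found))
    print("host and port accepted")
```
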
  • Last modified: 7 years ago
  • by Giuseppe Di Terlizzi