A git security update has been released for Debian GNU/Linux 7 Extended LTS

ELA-205-1 git security update

Package git

Version 1:1.7.10.4-1+wheezy8

Related CVE CVE-2019-1348 CVE-2019-1349 CVE-2019-1387

Several vulnerabilities have been discovered in git, a fast, scalable, distributed revision control system.



CVE-2019-1348



It was reported that the --export-marks option of git fast-import is

exposed also via the in-stream command feature export-marks=...,

allowing to overwrite arbitrary paths.


CVE-2019-1387



It was discovered that submodule names are not validated strictly

enough, allowing very targeted attacks via remote code execution

when performing recursive clones.


For Debian 7 Wheezy, these problems have been fixed in version 1:1.7.10.4-1+wheezy8.



We recommend that you upgrade your git packages.



Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/