Red Hat Security Advisory 2017-2491-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Security Fix: A shell command injection flaw related to the handling of "ssh" URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a "clone" action on a malicious repository or a legitimate repository containing a malicious commit.
352725d74fb95f72e0eb2f1edd747d546b633fd9a8905c9eff78c83dc5aa4586
Red Hat Security Advisory 2017-2004-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Security Fix: It was found that the git-prompt.sh script shipped with Git failed to correctly handle branch names containing special characters. A specially crafted Git repository could use this flaw to execute arbitrary commands if a user working with the repository configured their shell to include repository information in the prompt.
3acd4097b044d917a706aa6815aa157e59c26677407b7c97bf84b33a124701dd
Gentoo Linux Security Advisory 201706-4 - A vulnerability in Git might allow remote attackers to bypass security restrictions. Versions less than 2.13.0 are affected.
2d1c30c4c34ddb359e739df3107e6faf5408caaaa58652a79e5b3671fee9110e
Ubuntu Security Notice 3287-1 - Timo Schmid discovered that the Git restricted shell incorrectly filtered allowed commands. A remote attacker could possibly use this issue to run an interactive pager and access sensitive information.
cdf148f00c10d4f5548f08bb4b5ceaa61ba376f7096316241c0b5a359617d8ce
Debian Linux Security Advisory 3848-1 - Timo Schmid of ERNW GmbH discovered that the Git git-shell, a restricted login shell for Git-only SSH access, allows a user to run an interactive pager by causing it to spawn "git upload-pack --help".
d5f4d0dbda23cd7fe43f7014ea89b1af9edd308f0898afd4ecd6d344ec21d543