-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 27 Jan 2006, Junio C Hamano wrote: > The latest maintenance release GIT 1.1.5 is available at the > usual places: > > http://www.kernel.org/pub/software/scm/git/ > > git-1.1.5.tar.{gz,bz2} (tarball) > RPMS/$arch/git-*-1.1.5-1.$arch.rpm (RPM) > > Mark Wooding noticed that there is a bug in git-checkout-index > to overflow its internal buffer, if you construct a blob that > records an insanely long symbolic link in your index file and > try to check it out. This makes it dump core or worse. > > The fix for this problem is the only change from v1.1.4. The > master branch has been updated with the same fix (so has "pu"). > > > --- > > By the way, "dump core or worse" is a subtle way to say that > this is a security fix. To be victimized, you have to somehow > first get such a bogus symbolic link in your index. Merging > with somebody of dubious trustworthiness is a way to do so; > please practice safe merge ;-). I've updated the Source Mage GNU/Linux package, thanks! - -sandalle - -- Eric Sandall | Source Mage GNU/Linux Developer eric@sandall.us | http://www.sourcemage.org/ http://eric.sandall.us/ | SysAdmin @ Inst. Shock Physics @ WSU http://counter.li.org/ #196285 | http://www.shock.wsu.edu/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFD36CPHXt9dKjv3WERAhpUAKCXdVE+RgUUEY2BGl2jf0Bicdo7lgCgu/PJ yfRqXjYEzA8etWJBWQ+fK7E= =4UVq -----END PGP SIGNATURE----- - To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.htmlReceived on Wed Feb 01 04:38:37 2006
This archive was generated by hypermail 2.1.8 : 2006-02-01 04:38:45 EST