FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Git -- Execute arbitrary code

Affected packages
git < 2.6.1
git-gui < 2.6.1
git-lite < 2.6.1
git-subversion < 2.6.1

Details

VuXML ID 7f645ee5-7681-11e5-8519-005056ac623e
Discovery 2015-09-23
Entry 2015-10-19
Modified 2015-12-12

Git release notes:

Some protocols (like git-remote-ext) can execute arbitrary code found in the URL. The URLs that submodules use may come from arbitrary sources (e.g., .gitmodules files in a remote repository), and can hurt those who blindly enable recursive fetch. Restrict the allowed protocols to well known and safe ones.

References

CVE Name CVE-2015-7545
URL http://www.openwall.com/lists/oss-security/2015/12/11/7
URL https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.6.1.txt