-rw-r--r-- CHANGELOG | 1
-rw-r--r-- doc/bugs/dashed_ssh_hostname_security_hole.mdwn | 2
-rw-r--r-- doc/news/version_6.20170818.mdwn | 2
3 files changed, 4 insertions, 1 deletions
@@ -4,6 +4,7 @@ git-annex (6.20170818) unstable; urgency=high would get passed to ssh and be treated an option. This could be used by an attacker who provides a crafted repository url to cause the victim to execute arbitrary code via -oProxyCommand. + CVE-2017-12976 (The same class of security hole recently affected git itself.) * git-annex.cabal: Deal with breaking changes in Cabal 2.0. * Fix build with QuickCheck 2.10. diff --git a/doc/bugs/dashed_ssh_hostname_security_hole.mdwn b/doc/bugs/dashed_ssh_hostname_security_hole.mdwn index 048f9597b..cdae02391 100644 --- a/doc/bugs/dashed_ssh_hostname_security_hole.mdwn +++ b/doc/bugs/dashed_ssh_hostname_security_hole.mdwn @@ -19,6 +19,8 @@ This was fixed in version 6.20170818. Now there's a SshHost type that is not allowed to start with a dash, and every invocation of ssh is in a function that takes a SshHost. +CVE-2017-12976 has been assigned for this issue. + [[done]] --[[Joey]] diff --git a/doc/news/version_6.20170818.mdwn b/doc/news/version_6.20170818.mdwn index 97ad292ea..388f36562 100644 --- a/doc/news/version_6.20170818.mdwn +++ b/doc/news/version_6.20170818.mdwn @@ -3,7 +3,7 @@ recommended. Attacks using this security hole will involve the attacker either providing a ssh repository url to the user, or the user pulling from a git-annex repository provided by an attacker and then running `git annex enableremote`. For details about the security hole, see -[[bugs/dashed_ssh_hostname_security_hole]]. +[[bugs/dashed_ssh_hostname_security_hole]]. CVE-2017-12976 git-annex 6.20170818 released with [[!toggle text="these changes"]] [[!toggleable text=""" |
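Review bot: in the CHANGELOG hunk the added line `CVE-2017-12976` is inserted between the sentence describing the -oProxyCommand attack and its closing parenthetical "(The same class of security hole recently affected git itself.)", which splits one paragraph of the changelog entry; move the identifier to the end of the entry, or write it as a sentence such as "Assigned CVE-2017-12976.", so the entry still reads as one continuous item.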
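Review bot: in the doc/bugs hunk the new sentence "CVE-2017-12976 has been assigned for this issue." is placed after the description of the SshHost fix and just before [[done]]; consider putting it directly next to "This was fixed in version 6.20170818." so that the fixed version and the CVE identifier appear together, which is the pair of facts distribution security trackers and users cross-check.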
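Review bot: in the doc/news hunk the identifier is appended after the full stop of the previous sentence (`[[bugs/dashed_ssh_hostname_security_hole]]. CVE-2017-12976`), so the release announcement renders a dangling fragment with no verb or trailing punctuation; write it as a full sentence, e.g. "This issue is CVE-2017-12976.", matching the wording used in the doc/bugs hunk.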