| Errata ID | 388 |
|---|---|
| Date | 2019-12-11 |
| Source package | git |
| Fixed in version | 1:2.11.0-3+deb9u5 |
| Description | This update addresses the following issues: * Arbitrary path overwriting via export-marks command option (CVE-2019-1348) * Recursive submodule cloning allows using git directory twice with synonymous directory name written in .git/ (CVE-2019-1349) * Files inside the .git directory may be overwritten during cloning via NTFS Alternate Data Streams (CVE-2019-1352) * NTFS protections inactive when running Git in the Windows Subsystem for Linux (CVE-2019-1353) * Remote code execution in recursive clones (CVE-2019-1387) |
| Additional notes | |
| CVE ID | CVE-2019-1348 CVE-2019-1349 CVE-2019-1352 CVE-2019-1353 CVE-2019-1387 |
| UCS Bug number | #50622 |
