Ubuntu
git package

CVE-2018-1000021 fixed?

Asked by Jason Puckett on 2022-06-03

Apologies for what may be a very rookie question.

This CVE looks like it only affects GIT version 2.15.1 and earlier. Is it safe to assume that the current version of Git available in the Focal image (1:2.25.1-1ubuntu3.4 ) is sourced from Git version 2.25 or later and is therefore not susceptible to this vulnerability?

Thanks for your time,
Jason

Question information

Language:: English Edit question

Status:: Answered

For:: Ubuntu git Edit question

Assignee:: No assignee Edit question

Last query:: 2022-06-03

Last reply:: 2022-06-04

Link existing bug

Revision history for this message

Manfred Hampl (m-hampl) said on 2022-06-04:

That is quite strange and I do not have an answer or explanation:

The CVE text mentions "GIT version 2.15.1 and earlier".
Ubuntu releases since bionic have git version 2.17 and higher, but the Ubuntu CVE page https://ubuntu.com/security/CVE-2018-1000021 shows a status of "needed" for the current versions.

Revision history for this message

mengyangliu (mengyangliu) said on 2023-08-31:

Is there any updates about this vulnerability?

Can you help with this problem?

Provide an answer of your own, or ask Jason Puckett for more information if necessary.

To post a message you must log in.

Ask a question

Edit question

Ubuntugit package

CVE-2018-1000021 fixed?

Question information

Related bugs

Related FAQ:

Can you help with this problem?

Subscribers

Ubuntu
git package