Debian Security Advisory

DLA-1068-1 git -- LTS security update

Date Reported:
27 Aug 2017
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2017-1000117.
More information:

Joern Schneeweisz discovered that git, a distributed revision control system, did not correctly handle maliciously constructed ssh:// URLs. This allowed an attacker to run an arbitrary shell command, for instance via git submodules.

For Debian 7 Wheezy, these problems have been fixed in version 1:

We recommend that you upgrade your git packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: