FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Git -- Execute arbitrary code

Affected packages
	git	<	2.6.1
	git-gui	<	2.6.1
	git-lite	<	2.6.1
	git-subversion	<	2.6.1

Details

VuXML ID	7f645ee5-7681-11e5-8519-005056ac623e
Discovery	2015-09-23
Entry	2015-10-19
Modified	2015-12-12

Git release notes:

Some protocols (like git-remote-ext) can execute arbitrary code found in the URL. The URLs that submodules use may come from arbitrary sources (e.g., .gitmodules files in a remote repository), and can hurt those who blindly enable recursive fetch. Restrict the allowed protocols to well known and safe ones.

[source]

References

CVE Name	CVE-2015-7545
URL	http://www.openwall.com/lists/oss-security/2015/12/11/7
URL	https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.6.1.txt