CVE-2019-1349

| Field | Value |
|---|---|
| Source | |
| Severity | Medium |
| Remote | Yes |
| Type | Arbitrary code execution |

Description
A security issue has been found in git before 2.24.1. When using submodule paths that refer to the same file system entity (e.g. using the NTFS Alternate Data Streams attack mentioned in CVE-2019-1352, where files would be written to the `.git/` directory using a synonymous directory name), it was possible to "squat" on the `git~1` shortname on NTFS drives, opening attacks via `git~2`. This also affects Git when run as a Linux application inside the Windows Subsystem for Linux.

| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-1075 | libgit2 | 1:0.28.3-1 | 1:0.28.4-1 | High | Fixed | |
| AVG-1073 | git | 2.24.0-1 | 2.24.1-1 | High | Fixed | |

| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 18 Dec 2019 | ASA-201912-6 | AVG-1073 | git | High | arbitrary code execution |
| 18 Dec 2019 | ASA-201912-5 | AVG-1075 | libgit2 | High | arbitrary code execution |

References
https://github.com/git/git/commit/0060fd1511b94c918928fa3708f69a3f33895a4a
https://lkml.org/lkml/2019/12/10/905