Hi, Christian. They are probably talking about one of these[1][2]. I don't have access to a solaris machine right now, so I don't know which is the latest version they ship, but they probably backported patches. Here we can't do much more about it, given that the packagers for your solaris version are the ones (possibly) packaging 2.3.1. I'd email or open a ticket with Oracle after making sure they 1) haven't backported patches to fix these, or 2) don't have a newer version in their repositories. Cheers! -Santiago. [1] https://security.archlinux.org/CVE-2017-1000117 [2] https://nvd.nist.gov/vuln/detail/CVE-2016-2324 On Thu, Jan 25, 2018 at 06:02:34PM +0100, christian.del.vecchio@xxxxxxxxxx wrote: > dear Team > > I am Christian Del Vecchio,and i work in the infrastructure of Middleware on Zurich. > we have installed in our system Sun your product in order to connect to our bitbucket repository. > > we have followed the instruction provided on your Web Page: > > https://git-scm.com/download/linux > pkgutil -i git > > the version installed is the 2.3.1, and actually it works. > > but last week our security team informed that this software didn't pass the check control due: Git Server and Client Remote Code Execution Vulnerability > > > please, is it available a newer version that fix this problem? > > our system is: Sun Solaris v10 sparc > > best regards > __________________________________________ > > Christian Del Vecchio > Middleware SME > > Zurich Insurance Group Ltd. > bac de Roda 58, > Building C, 4th floor > 08019 Barcelona, Spain > > 64402 (internal) > +34 93 4465402 (direct) > christian.del.vecchio@xxxxxxxxxx > http://www.zurich.com
Attachment:
signature.asc
Description: PGP signature
