oss-sec mailing list archives
Re: request for CVEs for git clients
From: Reed Loden <reed () reedloden com>
Date: Thu, 18 Dec 2014 17:15:39 -0800
http://git-blame.blogspot.com.es/2014/12/git-1856-195-205-214-and-221-and.html says CVE-2014-9390 is already assigned. ~reed On Thu, Dec 18, 2014 at 3:38 PM, Kurt Seifried <kseifried () redhat com> wrote:
Can we please get CVEs for https://github.com/blog/1938-vulnerability-announced-update-your-git-clients In addition, the following updated versions of Git address this vulnerability: The Git core team has announced maintenance releases for all current versions of Git (v1.8.5.6, v1.9.5, v2.0.5, v2.1.4, and v2.2.1). Git for Windows (also known as MSysGit) has released maintenance version 1.9.5. The two major Git libraries, libgit2 and JGit, have released maintenance versions with the fix. Third party software using these libraries is strongly encouraged to update. ==== looks like most Linux users are ok though "The vulnerability concerns Git and Git-compatible clients that access Git repositories in a case-insensitive or case-normalizing filesystem." -- Kurt Seifried -- Red Hat -- Product Security -- Cloud PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Current thread:
- request for CVEs for git clients Kurt Seifried (Dec 18)
- Re: request for CVEs for git clients Kurt Seifried (Dec 18)
- Re: request for CVEs for git clients Russ Allbery (Dec 18)
- Re: request for CVEs for git clients Julien Cristau (Dec 20)
- Re: request for CVEs for git clients Russ Allbery (Dec 18)
- Re: request for CVEs for git clients Alex Gaynor (Dec 18)
- Re: request for CVEs for git clients Reed Loden (Dec 19)
- RE: request for CVEs for git clients Christey, Steven M. (Dec 19)
- Re: request for CVEs for git clients Kurt Seifried (Dec 18)