oss-sec mailing list archives
Re: request for CVEs for git clients
From: Alex Gaynor <alex.gaynor () gmail com>
Date: Thu, 18 Dec 2014 23:41:31 +0000
It looks like hg might also be using the same CVE, based on a tweet I saw. Alex On Thu Dec 18 2014 at 3:39:20 PM Kurt Seifried <kseifried () redhat com> wrote:
Can we please get CVEs for https://github.com/blog/1938-vulnerability-announced- update-your-git-clients In addition, the following updated versions of Git address this vulnerability: The Git core team has announced maintenance releases for all current versions of Git (v1.8.5.6, v1.9.5, v2.0.5, v2.1.4, and v2.2.1). Git for Windows (also known as MSysGit) has released maintenance version 1.9.5. The two major Git libraries, libgit2 and JGit, have released maintenance versions with the fix. Third party software using these libraries is strongly encouraged to update. ==== looks like most Linux users are ok though "The vulnerability concerns Git and Git-compatible clients that access Git repositories in a case-insensitive or case-normalizing filesystem." -- Kurt Seifried -- Red Hat -- Product Security -- Cloud PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Current thread:
- request for CVEs for git clients Kurt Seifried (Dec 18)
- Re: request for CVEs for git clients Kurt Seifried (Dec 18)
- Re: request for CVEs for git clients Russ Allbery (Dec 18)
- Re: request for CVEs for git clients Julien Cristau (Dec 20)
- Re: request for CVEs for git clients Russ Allbery (Dec 18)
- Re: request for CVEs for git clients Alex Gaynor (Dec 18)
- Re: request for CVEs for git clients Reed Loden (Dec 19)
- RE: request for CVEs for git clients Christey, Steven M. (Dec 19)
- Re: request for CVEs for git clients Kurt Seifried (Dec 18)