This is the mail archive of the cygwin-announce mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Security update: Git v2.14.1-1


Version 2.14.1-1 of Git has been uploaded and should be coming soon to a
mirror near you. This update includes the following packages:

- git
- git-cvs
- git-debuginfo
- git-email
- git-gui
- gitk
- git-p4
- git-svn

This is an update to the latest upstream release, which specifically
fixes CVE-2017-1000117, where a malicious "ssh://..." URL, including one
specified in a .gitmodules file and thus parsed as part of `git clone
--recurse-submodules` or similar, could result in an arbitrary
executable being run on the client system.

For a full list of the upstream changes in this release, please refer to
the upstream changelogs:

https://git.kernel.org/cgit/git/git.git/tree/Documentation/RelNotes
https://kernel.googlesource.com/pub/scm/git/git.git/+/master/Documentation/RelNotes/
https://github.com/gitster/git/tree/master/Documentation/RelNotes

Enjoy!

Adam


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]