Mail Archives: cygwin/2014/12/22/07:07:05

delorie.com/archives/browse.cgi

search

Mail Archives: cygwin/2014/12/22/07:07:05

X-Recipient: archive-cygwin AT delorie DOT com

DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:date:from:to:subject:message-id:references

:mime-version:content-type:in-reply-to; q=dns; s=default; b=xkhx

uqhA2QwxglrvsgFkrMFtl07BsEGy1ic68YCgewbdKN+RX6yXZVWQszUojck2QPIQ

++cSVs/Ga04Jg1aIdpNZMtJAwQm8mcHQOx4TmGnRv8RRKq2NdNzFHm+vYo1hdLtA

FFfXMRzp6f3ZPkhIb7fVqgqSySnOmGnhLhJG0Uc=

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:date:from:to:subject:message-id:references

:mime-version:content-type:in-reply-to; s=default; bh=mcVx1Be86+

ASlKdE4+c5jrZN8ZE=; b=UOnVIWHTEnMcJpbEMpoJyyDhOqXY0FYRfn/Ga26OT9

gMAga/fs1KWjc+ml32P5nd7I5ioF9q8qRNHMR8yD0CUK3d6rSoXlVL3hr1OMFfmi

lfVM8LhX0rMe82nfwSUZbuYGQ2wf1U7hjeIOsQh07IYaqr0TPonuEnORertjQ0LG

o=

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm

List-Id: <cygwin.cygwin.com>

List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>

List-Archive: <http://sourceware.org/ml/cygwin/>

List-Post: <mailto:cygwin AT cygwin DOT com>

List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>

Sender: cygwin-owner AT cygwin DOT com

Mail-Followup-To: cygwin AT cygwin DOT com

Delivered-To: mailing list cygwin AT cygwin DOT com

Authentication-Results: sourceware.org; auth=none

X-Virus-Found: No

X-Spam-SWARE-Status: No, score=-2.6 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_LOW,SPF_PASS autolearn=ham version=3.3.2

X-HELO: mail-wi0-f174.google.com

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:date:from:to:subject:message-id:references :mime-version:content-type:content-disposition:in-reply-to :user-agent; bh=18sxMJHQI4chxhTHjp+xMuteg0fHd8kYyw015OCp/+M=; b=D4xOgMKpzeBteW97Cmqr1U5Nt9ecSlKa+/qjvwLM3ATQl/HjX70OiqWhdhNGltUqnp 4c8GVHZrLQnsGGPTUqAmzMzxC5uVGO5c24tp8YMER96XoyVCuc8Bn6xKT+zkHQGPCiCx 2To07YkREuN1b7Cg7woj+wM7msWqWUK+Gwokw6eEOkseC/Pd3XJUNNwSgpTV046KM8qb d0E9SaYiZYHIklFN3O3MBT6TN8diTPV2eSZGB8C/S/eLzLtV6T/E5qbM5lGXAxCzAcWH eOa6tCO2F6WEmfJaOUIgZIbgQbm8GrZxFmCiM7IXxDhhfxjqffiS201Ji1Fr/sd1KRwS 7b1Q==

X-Gm-Message-State: ALoCoQnYCxs92gmjU0q/g4F1cSNKkQVmBn+ylHYAfCq/hFAwfrDT4HNAxJGbsjYf6wRJqv79yqqx

X-Received: by 10.194.200.1 with SMTP id jo1mr41869390wjc.64.1419249998202; Mon, 22 Dec 2014 04:06:38 -0800 (PST)

Date: Mon, 22 Dec 2014 12:06:29 +0000

From: Adam Dinwoodie <adam AT dinwoodie DOT org>

To: cygwin AT cygwin DOT com

Subject: Re: Major Git vulnerability announced; when can we expect an update to the Cygwin git package?

Message-ID: <20141222120629.GA20436@dinwoodie.org>

References: <CAKL2AYOa3LNYC7xgg_8xUqiej10X47HUB4QQK5xUnJZR7mn_Eg AT mail DOT gmail DOT com>

MIME-Version: 1.0

In-Reply-To: <CAKL2AYOa3LNYC7xgg_8xUqiej10X47HUB4QQK5xUnJZR7mn_Eg@mail.gmail.com>

User-Agent: Mutt/1.5.21 (2010-09-15)

X-IsSubscribed: yes

On Thu, Dec 18, 2014 at 03:50:52PM -0800, Richard Mehlinger wrote:
> Git has announced a major vulnerability, allowing attackers to set up
> a malicious git repository that can be used to take over a client
> computer: https://github.com/blog/1938-vulnerability-announced-update-your-git-clients.
> Maintenance releases are already out for current Git versions.
> 
> My question is: When can we expect an update to the Cygwin git package
> to address these concerns?

I'm aware of the vulnerability and intend to publish a new package as
soon as possible.  A combination of the holiday period, technical
problems and assorted other real life is making this more difficult than
I would like, but I expect to get it released by 11 January at the
absolute latest, and hopefully much sooner than that.

Adam

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

- Raw text -

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019

X-Recipient:	archive-cygwin AT delorie DOT com
DomainKey-Signature:	a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:references
	:mime-version:content-type:in-reply-to; q=dns; s=default; b=xkhx
	uqhA2QwxglrvsgFkrMFtl07BsEGy1ic68YCgewbdKN+RX6yXZVWQszUojck2QPIQ
	++cSVs/Ga04Jg1aIdpNZMtJAwQm8mcHQOx4TmGnRv8RRKq2NdNzFHm+vYo1hdLtA
	FFfXMRzp6f3ZPkhIb7fVqgqSySnOmGnhLhJG0Uc=
DKIM-Signature:	v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:references
	:mime-version:content-type:in-reply-to; s=default; bh=mcVx1Be86+
	ASlKdE4+c5jrZN8ZE=; b=UOnVIWHTEnMcJpbEMpoJyyDhOqXY0FYRfn/Ga26OT9
	gMAga/fs1KWjc+ml32P5nd7I5ioF9q8qRNHMR8yD0CUK3d6rSoXlVL3hr1OMFfmi
	lfVM8LhX0rMe82nfwSUZbuYGQ2wf1U7hjeIOsQh07IYaqr0TPonuEnORertjQ0LG
	o=
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Authentication-Results:	sourceware.org; auth=none
X-Virus-Found:	No
X-Spam-SWARE-Status:	No, score=-2.6 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_LOW,SPF_PASS autolearn=ham version=3.3.2
X-HELO:	mail-wi0-f174.google.com
X-Google-DKIM-Signature:	v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:date:from:to:subject:message-id:references :mime-version:content-type:content-disposition:in-reply-to :user-agent; bh=18sxMJHQI4chxhTHjp+xMuteg0fHd8kYyw015OCp/+M=; b=D4xOgMKpzeBteW97Cmqr1U5Nt9ecSlKa+/qjvwLM3ATQl/HjX70OiqWhdhNGltUqnp 4c8GVHZrLQnsGGPTUqAmzMzxC5uVGO5c24tp8YMER96XoyVCuc8Bn6xKT+zkHQGPCiCx 2To07YkREuN1b7Cg7woj+wM7msWqWUK+Gwokw6eEOkseC/Pd3XJUNNwSgpTV046KM8qb d0E9SaYiZYHIklFN3O3MBT6TN8diTPV2eSZGB8C/S/eLzLtV6T/E5qbM5lGXAxCzAcWH eOa6tCO2F6WEmfJaOUIgZIbgQbm8GrZxFmCiM7IXxDhhfxjqffiS201Ji1Fr/sd1KRwS 7b1Q==
X-Gm-Message-State:	ALoCoQnYCxs92gmjU0q/g4F1cSNKkQVmBn+ylHYAfCq/hFAwfrDT4HNAxJGbsjYf6wRJqv79yqqx
X-Received:	by 10.194.200.1 with SMTP id jo1mr41869390wjc.64.1419249998202; Mon, 22 Dec 2014 04:06:38 -0800 (PST)
Date:	Mon, 22 Dec 2014 12:06:29 +0000
From:	Adam Dinwoodie <adam AT dinwoodie DOT org>
To:	cygwin AT cygwin DOT com
Subject:	Re: Major Git vulnerability announced; when can we expect an update to the Cygwin git package?
Message-ID:	<20141222120629.GA20436@dinwoodie.org>
References:	<CAKL2AYOa3LNYC7xgg_8xUqiej10X47HUB4QQK5xUnJZR7mn_Eg AT mail DOT gmail DOT com>
MIME-Version:	1.0
In-Reply-To:	<CAKL2AYOa3LNYC7xgg_8xUqiej10X47HUB4QQK5xUnJZR7mn_Eg@mail.gmail.com>
User-Agent:	Mutt/1.5.21 (2010-09-15)
X-IsSubscribed:	yes