| delorie.com/archives/browse.cgi | search |
| X-Recipient: | archive-cygwin AT delorie DOT com |
| DomainKey-Signature: | a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:message-id:date:from:reply-to:mime-version:to | |
| :subject:references:in-reply-to:content-type | |
| :content-transfer-encoding; q=dns; s=default; b=nz+iFHuUGV6JTu4O | |
| 442N/jFxVQ1cAtBWXHUvpv67v1KqXiIrQGabytX4EzJZPplRz94CdPj2w3n468TA | |
| xEwlcXwOO9owf0zhIRMzRU1Oiu9hOX7leEhO9Bvfy0K6JXT0pbZHl+hpRvWHWVpl | |
| sOikm43WJbia9dF0PTws6oaGPcg= | |
| DKIM-Signature: | v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:message-id:date:from:reply-to:mime-version:to | |
| :subject:references:in-reply-to:content-type | |
| :content-transfer-encoding; s=default; bh=O/LFxGhyX7hNBbbyJV2RtK | |
| 9rfgA=; b=Xmn9Y+hBJ2uAJbSY4tknbTTaoAIOE6drMffmHx5ofT/FD+9IEflqKq | |
| M3ve9TbxE9wPdnkxdRzwGRBaGKsKObP/pQCINp3bXgoAU3uAMFIfISjP/AegXq6J | |
| yUf1pN8w2vN1r4iRm3sVdQ2Ts+doBvB4qqVh/Tw39XP75iHWZU7N0= | |
| Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
| List-Id: | <cygwin.cygwin.com> |
| List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
| List-Archive: | <http://sourceware.org/ml/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
| Sender: | cygwin-owner AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| Delivered-To: | mailing list cygwin AT cygwin DOT com |
| Authentication-Results: | sourceware.org; auth=none |
| X-Virus-Found: | No |
| X-Spam-SWARE-Status: | No, score=-2.7 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_LOW,T_RP_MATCHES_RCVD autolearn=ham version=3.3.2 |
| X-HELO: | csmail.cs.umass.edu |
| Message-ID: | <54983553.7070103@cs.umass.edu> |
| Date: | Mon, 22 Dec 2014 10:14:27 -0500 |
| From: | Eliot Moss <moss AT cs DOT umass DOT edu> |
| Reply-To: | moss AT cs DOT umass DOT edu |
| User-Agent: | Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.3.0 |
| MIME-Version: | 1.0 |
| To: | cygwin AT cygwin DOT com |
| Subject: | Re: Major Git vulnerability announced; when can we expect an update to the Cygwin git package? |
| References: | <CAKL2AYOa3LNYC7xgg_8xUqiej10X47HUB4QQK5xUnJZR7mn_Eg AT mail DOT gmail DOT com> <20141222120629 DOT GA20436 AT dinwoodie DOT org> |
| In-Reply-To: | <20141222120629.GA20436@dinwoodie.org> |
| X-IsSubscribed: | yes |
On 12/22/2014 7:06 AM, Adam Dinwoodie wrote: > On Thu, Dec 18, 2014 at 03:50:52PM -0800, Richard Mehlinger wrote: >> Git has announced a major vulnerability, allowing attackers to set up >> a malicious git repository that can be used to take over a client >> computer: https://github.com/blog/1938-vulnerability-announced-update-your-git-clients. >> Maintenance releases are already out for current Git versions. >> >> My question is: When can we expect an update to the Cygwin git package >> to address these concerns? > > I'm aware of the vulnerability and intend to publish a new package as > soon as possible. A combination of the holiday period, technical > problems and assorted other real life is making this more difficult than > I would like, but I expect to get it released by 11 January at the > absolute latest, and hopefully much sooner than that. Meanwhile, if you're concerned, I found that the latest git from github built and installed (to /usr/local/bin, etc.) quite easily. Regards -- Eliot Moss -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |