X-Recipient:	archive-cygwin AT delorie DOT com
DomainKey-Signature:	a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:reply-to:date:from:to:subject:message-id
	:mime-version:content-type; q=dns; s=default; b=sWSIPzWoM8fE1der
	4Yrai+vx+dpLXnrUf5YGTfDZ6eq3E/MZ+eqH02mprm/jGtcNO5F88k+Pa9LOr2J7
	fUgXlVa5rAy23hmzbWelaSfeNfqurOVj3OyLdJAiY74dYm3QbLYe73lcNscGjtja
	ImYsL4KpJdUNIZwt3hQeaCwxbyg=
DKIM-Signature:	v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:reply-to:date:from:to:subject:message-id
	:mime-version:content-type; s=default; bh=b5C5vId6m+b6H4+awARG+b
	8FlFA=; b=SLZwF462obp79Oy3x4vvTTus/FL2ZDJiF1vG5IgaoAr5Gz7sxo+8bg
	EtRcgxwcyK3TLJkfvQO/KrySJRX+DZyPJngumwidNWrH0zOzG3PDWA4HUYxAENlX
	DP8VJCWN9Nhx5z4cOFs6i0VWUWm0vKsDRqutYa7vlBIpCtz9pJUs0=
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Authentication-Results:	sourceware.org; auth=none
X-Virus-Found:	No
X-Spam-SWARE-Status:	No, score=-2.9 required=5.0 tests=ALL_TRUSTED,BAYES_00 autolearn=ham version=3.3.2 spammy=sk:kernel., H*F:U*adam, enjoy, announcement
X-HELO:	localhost.localdomain
Reply-To:	cygwin AT cygwin DOT com
Authentication-Results:	sourceware.org; auth=none
X-Virus-Found:	No
X-Google-DKIM-Signature:	v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:subject:message-id:mime-version :content-disposition:user-agent; bh=R+6alfCz/Rv27SD8/ridzBlZVLJ0Jc3029D7m6YjqZI=; b=GwIF3SRMxAcVKceGoJuW/rYSqtxriYbe0PNpoVh8FTe05MGGuvqpeP+pS5JLr3c6G+ spkuuDIqqNO/yp1XvQvN9jWVA/MLeKQPjqBWvRIxWCHnzVcoQnhlmwlwlRILBOjiWqZU OywxdVPLtX5RDkyX9mKstd9IG2xHqM7ogeR83OIVB7ur8E8v1RgMbP/++0yA4ADiHuPr s7LzWQON9SK/8foxLleEBPRIyjTQG9KOWyVM3AYFA34Z3cLEYfG17w8uvD840oKxGZnD c2zvJVjMnaafasqoE6JkWoyDSsav85ecgweJyGwxyQlbPuhhamSrKs0/jMPM+h9sdqQQ Z6tQ==
X-Gm-Message-State:	AHYfb5heAb6uP5IEM6SyXgHG1gJ1w4Rxe4LNiI2So6i9kf3IaL5BRhrE n2pr0m4EtW1YSdegi8k4HQ==
X-Received:	by 10.223.163.199 with SMTP id m7mr15845809wrb.128.1502699607519; Mon, 14 Aug 2017 01:33:27 -0700 (PDT)
Date:	Mon, 14 Aug 2017 09:33:24 +0100
From:	Adam Dinwoodie <adam AT dinwoodie DOT org>
To:	cygwin AT cygwin DOT com
Subject:	[ANNOUNCEMENT] Security update: Git v2.14.1-1
Message-Id:	<announce.20170814083324.GG32640@dinwoodie.org>
MIME-Version:	1.0
User-Agent:	Mutt/1.5.24 (2015-08-30)
X-IsSubscribed:	yes

Version 2.14.1-1 of Git has been uploaded and should be coming soon to a
mirror near you. This update includes the following packages:

- git
- git-cvs
- git-debuginfo
- git-email
- git-gui
- gitk
- git-p4
- git-svn

This is an update to the latest upstream release, which specifically
fixes CVE-2017-1000117, where a malicious "ssh://..." URL, including one
specified in a .gitmodules file and thus parsed as part of `git clone
--recurse-submodules` or similar, could result in an arbitrary
executable being run on the client system.

For a full list of the upstream changes in this release, please refer to
the upstream changelogs:

https://git.kernel.org/cgit/git/git.git/tree/Documentation/RelNotes
https://kernel.googlesource.com/pub/scm/git/git.git/+/master/Documentation/RelNotes/
https://github.com/gitster/git/tree/master/Documentation/RelNotes

Enjoy!

Adam

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

- Raw text -