Mail Archives: cygwin/2018/07/19/23:03:19

Date: Fri, 20 Jul 2018 12:02:57 +0900
From: Akihiko Kawaguchi <a AT k7i DOT jp>
To: cygwin AT cygwin DOT com
Subject: Re: Question on CVE-2018-11235
Message-Id: <20180720120255.7CAA.F7B0B048@k7i.jp>

Adam,

Thank you so much for your prompt reply, and your contribution to git
package maintenance.
I hope your personal life goes well.
I will check your advice.

Best Regards,
Kawaguchi

On Thu, 19 Jul 2018 13:38:51 +0100
Adam Dinwoodie <adam AT dinwoodie DOT org> wrote:

> On Thu, 19 Jul 2018 at 08:56, Akihiko Kawaguchi wrote:
> > Hello,
> >
> > Does anyone know when a git client package to fix the following
> > vulnerability will be released for Cygwin?
> >
> >     https://nvd.nist.gov/vuln/detail/CVE-2018-11235
> >
> > Currently, all the versions I can choose on the Cygwin installer are
> > 2.16.1-1, 2.16.2-1 or 2.17.0-1.
> 
> I'm afraid personal life has got in the way of me producing a more
> up-to-date version of Git since the versions you've found. I'll
> produce a new release when I get the chance, but I don't want to
> commit to any particular dates at this point.
> 
> In the meantime, I'd suggest either not cloning untrusted repositories
> while using the `--recurse-submodules` option (or, as general security
> practice, not cloning untrusted repositories at all), or compiling Git
> locally yourself.
> 
> As a general point, if people want to compile Git themselves, it's
> normally straightforward, either using the upstream Git sources, or
> using the Cygport packaging sources from
> https://github.com/me-and/Cygwin-Git. I only haven't released it
> myself because I have a higher bar for making sure the test suite
> passes and so forth for something that'll be used by a significant
> chunk of the Cygwin user base, than for something that's only going to
> be used by me.
> 
> Adam
> Your local friendly Git package maintainer
> 
> --
> Problem reports:       http://cygwin.com/problems.html
> FAQ:                   http://cygwin.com/faq/
> Documentation:         http://cygwin.com/docs.html
> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

