X-Recipient: archive-cygwin AT delorie DOT com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:date:from:to:subject:message-id:references :mime-version:content-type:in-reply-to; q=dns; s=default; b=HoKl 1BjJ/WTRPMdBVQ24VZJDSFHxptXuDY8SbFJbmsL/yjcI8Jp8BtY2tov+qvWlhz8r tPMX1BuAU+9zc+/Z+aC1TXR07BT8XaxZCQB/uJN2MyTwzkN0Dfrbo6bc9M+pQh5V EZxyr9/cNJ0ThBDcXWDtloG/SUn5HsbX+qnhnEs= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:date:from:to:subject:message-id:references :mime-version:content-type:in-reply-to; s=default; bh=Wd4SgWye4C f0/n1sd4OQ6yzQ1Ds=; b=BtR7X4Hb1fJVPRQBLaMtW/azgvXTdBZs+2E6awc0pU 8wK4jFHa48EOzWc+iYOyocKgehyu3F6aJm5LDlW4DvPx4d0p2xl6HNiIVwQ7OCZS sRKEY/0Y2n7fq+6JJjclVCcDFWICzsVErPlQUW9V2Uz+kpasMWG1z3NRqUu4hlnn w= Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-2.6 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_LOW,SPF_PASS autolearn=ham version=3.3.2 spammy=H*i:sk:CAFo71_, H*f:sk:1n5Kyvp, H*i:sk:1n5Kyvp, attn X-HELO: mail-wm0-f54.google.com X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:date:from:to:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=c/KtCC37aLHTcq2ZQIrsXDcv9u7n2o94j0rblw1ZhIQ=; b=dmPl28oRxZnzTjbYPQ/T8yBnzdaTvmUvlI7ESFOOfG9VsdSds1wSIqGnam10yAChUx T1ziTn7GcS8qCZdLeawIwNKMpEdLDTt00o4TCx6mklXLk5YqSTTxuRVRHRP0O+nXp9vW rwrtAToS4CrNLTpbAWWs1BmkmmyaSEFY09HmDZYfEwqb6kv5AG/GlqtnuyHDonfNCNh9 Sm3VWbM5zGTvTtMCLGczimZp/C69n173laauFNNwPcqlThKeB8OhCeCAwvW/bYNgwUj9 qgO8vncAhedgWMi3qwoJrz+dS5hoZgIeNgz0JJfESMd5C7Ym/vO62wxq7J/gCn5Nz4RR b3VQ== X-Gm-Message-State: AD7BkJK+4wXgcmt3HGuZIVnhoLSKGvzIePk4JYNS8NhZ1Ub48GykntEfjocTleBY+3aGAw== X-Received: by 10.28.214.6 with SMTP id n6mr41983951wmg.49.1458297796768; Fri, 18 Mar 2016 03:43:16 -0700 (PDT) Date: Fri, 18 Mar 2016 10:43:14 +0000 From: Adam Dinwoodie To: cygwin AT cygwin DOT com Subject: Re: [Attn] git maintainer: Remote Code Execution for git < 2.7.1 Message-ID: <20160318104314.GZ29016@dinwoodie.org> References: <20160316105010 DOT GN29016 AT dinwoodie DOT org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) X-IsSubscribed: yes On Fri, Mar 18, 2016 at 10:41:41AM +0200, Ismail Donmez wrote: > On Wed, Mar 16, 2016 at 12:50 PM, Adam Dinwoodie wrote: > > On Wed, Mar 16, 2016 at 07:43:54AM +0200, Ismail Donmez wrote: > >> Please see http://www.openwall.com/lists/oss-security/2016/03/15/5 . > >> Would be nice to update to just released 2.7.3 version. > > > > Ack, thanks for the heads up. I've been holding off on making a release > > while investigating some test failures, but I'll try to make a new build > > available either today or tomorrow. > > Now git 2.7.4 is released with more security fixes: > https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.7.4.txt > :( Yes, I spotted that last night. I needed to do a rebuild anyway, so I'll build this version. Adam -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple