DMARC-Filter: OpenDMARC Filter v1.4.2 delorie.com 57SE8ORH1020504
Authentication-Results: delorie.com; dmarc=pass (p=none dis=none) header.from=cygwin.com
Authentication-Results: delorie.com; spf=pass smtp.mailfrom=cygwin.com
DKIM-Filter: OpenDKIM Filter v2.11.0 delorie.com 57SE8ORH1020504
Authentication-Results: delorie.com;
	dkim=pass (1024-bit key, unprotected) header.d=cygwin.com header.i=@cygwin.com header.a=rsa-sha256 header.s=default header.b=nOxEkIDw
X-Recipient: archive-cygwin AT delorie DOT com
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org A2B9C3858C66
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com;
	s=default; t=1756390103;
	bh=xmN/BTrshQv2brvk5hcJFLXOe6waSbYQJDrvhX1KxX8=;
	h=Date:Subject:To:References:In-Reply-To:List-Id:List-Unsubscribe:
	 List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:
	 From;
	b=nOxEkIDwb9G9dYq4REEHu+8BVBmUpBPWu10vLKy6B6vZ1GLVw8pbOBUOgT4n/bx4t
	 Npn9JGur+zLZVoGuTHb7sfEhvlizLm2P8t7wE9eLVX+0yZRsk40sLI3vlEedLTn64s
	 dYG5DAzLwf8Olx1utzG/aE4SqiWFy8DPBCISlaaI=
X-Original-To: cygwin AT cygwin DOT com
Delivered-To: cygwin AT cygwin DOT com
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 407453858C56
ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 407453858C56
ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1756390038; cv=none;
 b=wcFdb43ZcoaSLJaLakjIrVs1pTWKgGDgnEnlgWW+CQAGLoj/QFMVwalOGol9hKV2Nww5zz02z9jHNzd243FLjBZNnDwSpKWWIyA1KkMON2bdSK1MCncUpRVWC0TR5BhqtUsZZd8DWFww8qmwkRtlc21y8s8Jx/kMW8lZutDUKyw=
ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key;
 t=1756390038; c=relaxed/simple;
 bh=dp47bXia7YFpSkVbqPYHsGa5yp2nozZ8/H3Z88WqAbM=;
 h=DKIM-Signature:Message-ID:Date:MIME-Version:Subject:To:From;
 b=GjErSU5siQUqlDIJlDjCjQkEwzUKpy8sMuvqoS9QQEQPl+Fcb1x3KIMOToPEg4uxCzetJnnL+j7xPg27jmUQJke85O4BNKhYrULhJxcBG2VhujfgRfb3fHp++tJdA5b+okE9x4qvasRh/kj4MmFOXNTikxNeD4gHn6LUhJfBHqk=
ARC-Authentication-Results: i=1; server2.sourceware.org
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 407453858C56
X-MDAV-Result: clean
X-MDAV-Processed: monticello.secure-endpoints.com, Thu,
 28 Aug 2025 10:06:53 -0400
X-MDRemoteIP: 98.11.139.146
X-MDArrival-Date: Thu, 28 Aug 2025 10:06:53 -0400
X-MDOrigin-Country: US, NA
X-Authenticated-Sender: acct-jaltman AT secure-endpoints DOT com
X-Return-Path: prvs=1335afc13a=jaltman AT secure-endpoints DOT com
X-Envelope-From: jaltman AT secure-endpoints DOT com
X-MDaemon-Deliver-To: cygwin AT cygwin DOT com
Message-ID: <9c157bbe-6b7a-41b8-888f-1ecaf8ebdb28@secure-endpoints.com>
Date: Thu, 28 Aug 2025 10:07:16 -0400
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: git critical security vulnerability
To: cygwin AT cygwin DOT com
References: <CAAF84SXpLDJDCmRExQiKu0+LeUtUo1yc030H3jisvi+ci99_eg AT mail DOT gmail DOT com>
Content-Language: en-US
Autocrypt: addr=jaltman AT secure-endpoints DOT com; keydata=
 xsFNBEwLlO0BEACu6yWFkd1+qwsGg8ZzgslSkcAKhSegWt5j86DpaRL0W8fxg6YjxwEPvwoH
 BGa/rpSdBd1gkmzeYxD3hVZdj75r6nVS9f/mxNQzW+o1sW4vaeSxKgZSQz5RqHmwPDcqQP66
 +ZSnjV+G88MKwZ9DIzA9AwpJhNAAlAlj3OvsQVsxd1ipc6C4/U3qjHL7Ih22UbPBM71ltIZx
 kqcrAlXPnUTeraJXtfzYbq4mJFJ9JC6/o1NRSjsBvRD+ADxlG50+KccZN4SS5xxdGuh1tA9U
 TydYBQB3YtJbq7CYau2kIYt/3HnyLYGo1s6Ti6cuAJJ/40iIE1xkqhvMiIz/Q+1ztmksJbLQ
 aCtW8kF42nF8MpPdIPTSPr2uGvpRtCjRbh4lgMXgyNUx1wpCEY0X11xce++H8HySmFwryE2y
 kkxUQeMUjaaXZDHYUSyQz7riChFiZ9ax9dmX0wUY/A05v0qcualglpk4wJ2kcsGKUEGkLvnV
 wwvya8zifPwKOw5JlGPvzX8t2m7jB2GXKzvVAsImqOqnDBTKUXWQQZCW9Rqt7acdE8bQ2vqr
 vP+3Ykf4SrPwcuNCDt6QSgjVbhc3hA3hCtE1iW/HhuBAzKiuzJ9era+q9QjTtLPIkQDHRpcC
 MMWvK0Y1uQ34Ql1BfKRA4gc8A7CuVUY6+Ga7PuJWd+FSglvmKQARAQABzS1KZWZmcmV5IEFs
 dG1hbiA8amFsdG1hbkBzZWN1cmUtZW5kcG9pbnRzLmNvbT7CwXYEEwECACAFAkwLltMCGyMG
 CwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRD3enNVkraaBIO5D/sHkpJx2Vz7mgUDthBuro7f
 y/FK9MxC6dUTF0H54OjRXPBRQmzDDzpTNmG+8mtPO+FR1QlkupQJpGgFjpUdVnjlq2nGF8sH
 ecCCIKylI9VM3+bqZOEiRWHYxmmfMNDLJTBY5ES8YFsiOvWiCmKJe5YicwysBEcjD75O5JsX
 2ylRJ/NRF3VLI2A/jE1HI7DDgZ8hDkYU2yhV37wUHZPQUS5XYiSaUtn71MI2kIS8rHRPrxHg
 qmRB4uKJDVVW1jdo0/43YAJQr8CitlstluZMmXYOjGZdiG9MDdtWJz7KxEQsQD9XLPvb/aD5
 sGCoBbu26ODnSkz0k2UM5uWknul4zbgt6s2V/HD+uwxmbhJEpzMeLMbWNVDXQH+EcmOnfVYV
 ZalkMA19zkGt0jEbNq3CTx2zSsg1Gq+j6UzRm+kANo+VN3y2izRVtVreQrw1MX6DhvwQsqdI
 gVVINvTaa+2rZhHaDXRsnb3jYaqsvLo7gOUGdwGp3jin4YNHAR8JZ9e+ueUMDEFiYdCHMPJf
 y2HgVh4vNTtO9P6BDIG/DdpOPSlOgKKulbE0BGKMWCkqwAr42SDF0lk5uCvOkEpfDHPLgDbK
 rBehbmhCidGiZsR5ijdhh65CgKFUrBY50/aBeSSjMUCo2kC10oV+N5SdjbOH/M5TC8Yt1oUf
 ATH/Dt7/FZ/GHM7BTQRMC5TtARAA88hJdpgcg2RU/uAWfAL46XZHA59cVpPNNly1tPWCSbG6
 +ONH6nOG/NarmNVxX6Mb9YRkEU6wmrZS85inz3otdyz/zlyNSWma8qGNUlMbiwFQqfXWVBAP
 GoRC0a0aJrd4IayLuvv1UqEwx7Otp7y5RNHtRv35/kho0Z+UheYVdGm2I06xIc+aNKW2LO7R
 5BNtjpADPIG+NSdsVIeamhAWPvLrwbf6mUb//eA9pF0w0QixLVrH/cCoz+S27gCGJvY6zF22
 NgdhnkIqNz8E/LKt6S36ZI9Mw/ixpQTozqRmdNzVQNgTHUZClbJj4iq1EPHB7XqpxOv+awrx
 Sxq2jt8GFD0rU+sAuzW+F7cBoIw434/IrxKYwcPHpHLEVQ1tLP7d3ZpZR30p3oqoliGiLsWv
 HHxyXjuMBF4XJ6MRXmD65/qOhuo2DKduHMNlmxzgSzvWgXZeNJq+OcS8jQZDt2Na2pMKjWyt
 au7xQu2ndm0FwS48ngMrDYRQMxzL1NfnBnT9BCwjiU+/6NBSwcNKIqyea9IpTwsVfkF4/iui
 7xD9+LtzqeUkBAe7q5jEJmJMZhAfh7usZGT8TGxXegCaF4Jwz2nxS4Fv7VRza/yUAOJlc0da
 R11TPeiUNCQWY7PpL1AXO9vaSyjFuOzTnU8vzXvI9fGoxIxKGRQpKMU8PROIFw0AEQEAAcLB
 XwQYAQIACQUCTAuU7QIbDAAKCRD3enNVkraaBIxXD/4xlaBwW2TLFfMvlcY/2XDSm6NO4JaJ
 G2Nzp35xaaBVwMVzWvI+GgTgKNSFot9f4jiLBNQdnq3UKoEThR2ORKVL0ZJS1QYR7yyrOo0M
 teDSy8ofU1FJ6xu4ND3ekOjP20BTrihDpqUdahir2uaRfMkwM+0imOlcutGMhJNF/LAjrhoD
 p9SeDMYBXZ1wfrbrEo/EEu0PbkGyzqPyEPqwN1iSJkcAnjuIA0rTf1jQtJAaDov7yHsSRwUM
 +qTGsjOGQAN3wtYwjPpw7hI01sE+x0uq0pVeo4qeWTZ2TE4Vtp8FKXFAkqnP878q+kNk9Ve+
 DRs8UlRfa9Lgf5ETjXOTVGaT/UGxi9B4oo8k0lzvM/A1txexL/lLw8AULhUeGtyS6D2X9vFi
 6azna+o918R9BV86uXPiDOf1nMwqKchNCxmgH9vd0aQm8TKCrWAW4kU1Ig6aMNuZiWloVZfK
 rmWizbgeGKE9rhNPNqxkqBaA4lrJ8L6bdKbhAOe3NQjO2vUAXB53JphlF74GwEsh+85i9/yI
 bvwJVcsFYhdZz7fCAUOcnFkGnyrwIgkizQ3xXShPW8mqkgUk4kYMnucC4kG/E7pI/4lke5X5
 X9vroXRHB7tkpAgT46SqSM/XTwCaseXG9orDgz3duRTUp6K0++S/qsqTakGVmjD5917A1HqW
 fMmiKA==
Organization: Secure Endpoints, Inc.
In-Reply-To: <CAAF84SXpLDJDCmRExQiKu0+LeUtUo1yc030H3jisvi+ci99_eg@mail.gmail.com>
X-MDCFSigsAdded: secure-endpoints.com
X-BeenThere: cygwin AT cygwin DOT com
X-Mailman-Version: 2.1.30
Precedence: list
List-Id: General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Unsubscribe: <https://cygwin.com/mailman/options/cygwin>,
 <mailto:cygwin-request AT cygwin DOT com?subject=unsubscribe>
List-Archive: <https://cygwin.com/pipermail/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-request AT cygwin DOT com?subject=help>
List-Subscribe: <https://cygwin.com/mailman/listinfo/cygwin>,
 <mailto:cygwin-request AT cygwin DOT com?subject=subscribe>
From: Jeffrey Altman via Cygwin <cygwin AT cygwin DOT com>
Reply-To: Jeffrey Altman <jaltman AT secure-endpoints DOT com>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Errors-To: cygwin-bounces~archive-cygwin=delorie DOT com AT cygwin DOT com
Sender: "Cygwin" <cygwin-bounces~archive-cygwin=delorie DOT com AT cygwin DOT com>

On 8/28/2025 9:44 AM, Michael Cook via Cygwin wrote:
> Apparently, there's a critical security vulnerability in git.
>
> https://github.blog/open-source/git/git-security-vulnerabilities-announced-6/
>
> Cygwin is currently at 2.45.1.
> We're being urged to upgrade to 2.50.1.

2.45.4 is available as a security fix release for the 2.45 version if 
Cygwin wishes a smaller update.

https://lore.kernel.org/git/xmqq5xg2wrd1 DOT fsf AT gitster DOT g/




-- 
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple