This is the mail archive of the cygwin mailing list for the Cygwin project.
Re: Major Git vulnerability announced; when can we expect an update to the Cygwin git package?
- From: Adam Dinwoodie <adam at dinwoodie dot org>
- To: cygwin at cygwin dot com
- Date: Mon, 22 Dec 2014 12:06:29 +0000
- Subject: Re: Major Git vulnerability announced; when can we expect an update to the Cygwin git package?
- Authentication-results: sourceware.org; auth=none
- References: <CAKL2AYOa3LNYC7xgg_8xUqiej10X47HUB4QQK5xUnJZR7mn_Eg at mail dot gmail dot com>
On Thu, Dec 18, 2014 at 03:50:52PM -0800, Richard Mehlinger wrote:
> Git has announced a major vulnerability, allowing attackers to set up
> a malicious git repository that can be used to take over a client
> computer: https://github.com/blog/1938-vulnerability-announced-update-your-git-clients.
> Maintenance releases are already out for current Git versions.
>
> My question is: When can we expect an update to the Cygwin git package
> to address these concerns?
I'm aware of the vulnerability and intend to publish a new package as
soon as possible. A combination of the holiday period, technical
problems and assorted other real life is making this more difficult than
I would like, but I expect to get it released by 11 January at the
absolute latest, and hopefully much sooner than that.
Adam