This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Major Git vulnerability announced; when can we expect an update to the Cygwin git package?


On 12/22/2014 7:06 AM, Adam Dinwoodie wrote:
On Thu, Dec 18, 2014 at 03:50:52PM -0800, Richard Mehlinger wrote:
Git has announced a major vulnerability, allowing attackers to set up
a malicious git repository that can be used to take over a client
computer: https://github.com/blog/1938-vulnerability-announced-update-your-git-clients.
Maintenance releases are already out for current Git versions.

My question is: When can we expect an update to the Cygwin git package
to address these concerns?

I'm aware of the vulnerability and intend to publish a new package as
soon as possible.  A combination of the holiday period, technical
problems and assorted other real life is making this more difficult than
I would like, but I expect to get it released by 11 January at the
absolute latest, and hopefully much sooner than that.

Meanwhile, if you're concerned, I found that the latest git from github
built and installed (to /usr/local/bin, etc.) quite easily.

Regards -- Eliot Moss

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]