* Git 2.17.1 security update CVE-2018-{11234,11235}
@ 2018-05-29 20:07 Leo Famulari
2018-05-29 20:14 ` Tobias Geerinckx-Rice
2018-05-29 21:03 ` Leo Famulari
0 siblings, 2 replies; 3+ messages in thread
From: Leo Famulari @ 2018-05-29 20:07 UTC (permalink / raw)
To: guix-devel
[-- Attachment #1: Type: text/plain, Size: 554 bytes --]
I just pushed commit b50196c3a4275bc51a614f6c1945b2272c595ab8 which
updates Git to 2.17.1, fixing some serious security vulnerabilities:
https://blogs.msdn.microsoft.com/devops/2018/05/29/announcing-the-may-2018-git-security-vulnerability/
https://marc.info/?l=git&m=152761328506724&w=2
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11235
The summary is that a malicious Git remote can execute arbitrary code on
your machine when you clone from the remote, so please update ASAP.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Git 2.17.1 security update CVE-2018-{11234,11235}
2018-05-29 20:07 Git 2.17.1 security update CVE-2018-{11234,11235} Leo Famulari
@ 2018-05-29 20:14 ` Tobias Geerinckx-Rice
2018-05-29 21:03 ` Leo Famulari
1 sibling, 0 replies; 3+ messages in thread
From: Tobias Geerinckx-Rice @ 2018-05-29 20:14 UTC (permalink / raw)
To: Leo Famulari; +Cc: guix-devel
Leo,
Leo Famulari wrote:
> The summary is that a malicious Git remote can execute arbitrary
> code on
> your machine when you clone from the remote, so please update
> ASAP.
Thanks for this explicit heads-up!
Kind regards,
T G-R
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Git 2.17.1 security update CVE-2018-{11234,11235}
2018-05-29 20:07 Git 2.17.1 security update CVE-2018-{11234,11235} Leo Famulari
2018-05-29 20:14 ` Tobias Geerinckx-Rice
@ 2018-05-29 21:03 ` Leo Famulari
1 sibling, 0 replies; 3+ messages in thread
From: Leo Famulari @ 2018-05-29 21:03 UTC (permalink / raw)
To: guix-devel
[-- Attachment #1: Type: text/plain, Size: 380 bytes --]
On Tue, May 29, 2018 at 04:07:48PM -0400, Leo Famulari wrote:
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11234
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11235
For anyone who is confused, the original announcement on MSDN mistakenly
mentioned CVE-2018-11234, which is apparently incorrect. The correct CVE
IDs are CVE-2018-11233 and CVE-2018-11235.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2018-05-29 21:03 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-05-29 20:07 Git 2.17.1 security update CVE-2018-{11234,11235} Leo Famulari
2018-05-29 20:14 ` Tobias Geerinckx-Rice
2018-05-29 21:03 ` Leo Famulari
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).