* Git Vulnerability Announced?
@ 2018-05-31 15:57 Erika Voss
2018-05-31 15:59 ` Randall S. Becker
0 siblings, 1 reply; 4+ messages in thread
From: Erika Voss @ 2018-05-31 15:57 UTC (permalink / raw)
To: git@vger.kernel.org
Good morning,
There was an article I came across yesterday identifying a vulnerability to patch our Git environments. I don’t see one that is available for our Mac Clients - is there a more recent one that I can download that is available to patch the 2.17.0 version?
Thank you,
Erika
^ permalink raw reply [flat|nested] 4+ messages in thread
* RE: Git Vulnerability Announced?
2018-05-31 15:57 Git Vulnerability Announced? Erika Voss
@ 2018-05-31 15:59 ` Randall S. Becker
2018-05-31 16:00 ` Erika Voss
0 siblings, 1 reply; 4+ messages in thread
From: Randall S. Becker @ 2018-05-31 15:59 UTC (permalink / raw)
To: 'Erika Voss', git
On May 31, 2018 11:57 AM, Erika Voss wrote:
> There was an article I came across yesterday identifying a vulnerability to
> patch our Git environments. I don’t see one that is available for our Mac
> Clients - is there a more recent one that I can download that is available to
> patch the 2.17.0 version?
Do you have a reference, CVE number, or other information about this vulnerability?
Cheers,
Randall
-- Brief whoami:
NonStop developer since approximately 211288444200000000
UNIX developer since approximately 421664400
-- In my real life, I talk too much.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Git Vulnerability Announced?
2018-05-31 15:59 ` Randall S. Becker
@ 2018-05-31 16:00 ` Erika Voss
2018-05-31 16:39 ` Jeff King
0 siblings, 1 reply; 4+ messages in thread
From: Erika Voss @ 2018-05-31 16:00 UTC (permalink / raw)
To: Randall S. Becker, git@vger.kernel.org
Hi Randall,
Yes here is what was sent to me -
https://www.theregister.co.uk/2018/05/30/git_vulnerability_could_lead_to_an_attack_of_the_repo_clones/
https://www.debian.org/security/2018/dsa-4212
The one that I could find from online was:
https://git-scm.com/download/mac
But, the latest version available on this site was 2.17.0, which does not include the security patch.
Thank you,
Erika
On 5/31/18, 8:59 AM, "Randall S. Becker" <rsbecker@nexbridge.com> wrote:
On May 31, 2018 11:57 AM, Erika Voss wrote:
> There was an article I came across yesterday identifying a vulnerability to
> patch our Git environments. I don’t see one that is available for our Mac
> Clients - is there a more recent one that I can download that is available to
> patch the 2.17.0 version?
Do you have a reference, CVE number, or other information about this vulnerability?
Cheers,
Randall
-- Brief whoami:
NonStop developer since approximately 211288444200000000
UNIX developer since approximately 421664400
-- In my real life, I talk too much.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Git Vulnerability Announced?
2018-05-31 16:00 ` Erika Voss
@ 2018-05-31 16:39 ` Jeff King
0 siblings, 0 replies; 4+ messages in thread
From: Jeff King @ 2018-05-31 16:39 UTC (permalink / raw)
To: Erika Voss; +Cc: Randall S. Becker, git@vger.kernel.org
On Thu, May 31, 2018 at 04:00:38PM +0000, Erika Voss wrote:
> Yes here is what was sent to me -
>
> https://www.theregister.co.uk/2018/05/30/git_vulnerability_could_lead_to_an_attack_of_the_repo_clones/
> https://www.debian.org/security/2018/dsa-4212
Yeah, the release announcement from the project is at:
https://public-inbox.org/git/xmqqy3g2flb6.fsf@gitster-ct.c.googlers.com/
> The one that I could find from online was:
> https://git-scm.com/download/mac
>
> But, the latest version available on this site was 2.17.0, which does
> not include the security patch.
The binary installs for MacOS are done by a third party, and sometimes
lag the source releases. You can build it from source yourself, either
from a tarball:
https://git.kernel.org/pub/software/scm/git/git-2.17.1.tar.gz
or by cloning with git:
https://kernel.org/pub/scm/git/git.git
There are some instructions in the INSTALL file, which you can also read
online:
https://github.com/git/git/blob/master/INSTALL
You can also use Homebrew to install, which usually updates to new
versions pretty promptly:
https://brew.sh/
-Peff
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2018-05-31 16:39 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-05-31 15:57 Git Vulnerability Announced? Erika Voss
2018-05-31 15:59 ` Randall S. Becker
2018-05-31 16:00 ` Erika Voss
2018-05-31 16:39 ` Jeff King
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).