Date: Thu, 18 Dec 2014 17:15:39 -0800 From: Reed Loden <reed@...dloden.com> To: oss-security@...ts.openwall.com Cc: Assign a CVE Identifier <cve-assign@...re.org> Subject: Re: request for CVEs for git clients http://git-blame.blogspot.com.es/2014/12/git-1856-195-205-214-and-221-and.html says CVE-2014-9390 is already assigned. ~reed On Thu, Dec 18, 2014 at 3:38 PM, Kurt Seifried <kseifried@...hat.com> wrote: > > Can we please get CVEs for > > https://github.com/blog/1938-vulnerability-announced-update-your-git-clients > > In addition, the following updated versions of Git address this > vulnerability: > > The Git core team has announced maintenance releases for all current > versions of Git (v220.127.116.11, v1.9.5, v2.0.5, v2.1.4, and v2.2.1). > > Git for Windows (also known as MSysGit) has released maintenance version > 1.9.5. > > The two major Git libraries, libgit2 and JGit, have released maintenance > versions with the fix. Third party software using these libraries is > strongly encouraged to update. > > ==== > > looks like most Linux users are ok though "The vulnerability concerns > Git and Git-compatible clients that access Git repositories in a > case-insensitive or case-normalizing filesystem." > > > -- > Kurt Seifried -- Red Hat -- Product Security -- Cloud > PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 > >
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.