https://github.com/blog/1938-vulnerability-announced-update-your-git-clients http://git-blame.blogspot.com.es/2014/12/git-1856-195-205-214-and-221-and.html Note, nearly everyone in Gentoo land should be fine as the vulnerability only affects git clones on case-insensitive file systems or on HFS+.
+*git-2.2.1 (18 Dec 2014) +*git-2.1.4 (18 Dec 2014) +*git-2.0.5 (18 Dec 2014) +*git-1.9.5 (18 Dec 2014) +*git-1.8.5.6 (18 Dec 2014) + + 18 Dec 2014; Lars Wendler <polynomial-c@gentoo.org> +git-1.8.5.6.ebuild, + -git-1.9.3.ebuild, +git-1.9.5.ebuild, +git-2.0.5.ebuild, -git-2.1.3.ebuild, + +git-2.1.4.ebuild, -git-2.2.0.ebuild, +git-2.2.1.ebuild, + -files/git-1.8.4-optional-cvs.patch: + Security bump (bug #532984). Removed old. + Arches please test and mark stable the following versions: =dev-vcs/git-1.8.5.6 =dev-vcs/git-1.9.5 =dev-vcs/git-2.0.5 Target KEYWORDS are: alpha amd64 arm ~arm64 hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris
amd64 stable
x86 stable
Stable for HPPA.
alpha stable
arm stable
ppc stable
ppc64 stable
ia64 stable
sparc stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
+ 26 Dec 2014; Lars Wendler <polynomial-c@gentoo.org> -git-1.8.3.2-r1.ebuild, + -git-1.8.5.5.ebuild, -git-2.0.4.ebuild, -files/git-1.8.2-optional-cvs.patch, + -files/git-daemon.initd: + Removed vulnerable versions. +
Arches and Maintainer(s), Thank you for your work. New GLSA Request filed.
This issue was resolved and addressed in GLSA 201509-06 at https://security.gentoo.org/glsa/201509-06 by GLSA coordinator Kristian Fiskerstrand (K_F).