Summary: | <dev-vcs/git-2.20: multiple commit signatures can cause confusing %GK/%GS output | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Michał Górny <mgorny> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | polynomial-c, robbat2 |
Priority: | Normal | Keywords: | STABLEREQ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://dev.gentoo.org/~mgorny/articles/attack-on-git-signature-verification.html | ||
Whiteboard: | A4 [glsa+] | ||
Package list: |
dev-vcs/git-2.21.0
|
Runtime testing required: | Yes |
Description
Michał Górny
2019-01-26 10:31:33 UTC
@arches, please stabilize. amd64 stable arm stable x86 stable alpha stable ia64 stable ppc64 stable s390 stable ppc stable arm64 stable This issue was resolved and addressed in GLSA 201904-13 at https://security.gentoo.org/glsa/201904-13 by GLSA coordinator Aaron Bauman (b-man). re-opened for final arches and cleanup sparc finished hppa stable Just waiting on sh, which is not a stable arch, for cleanup to happen... The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bb2f4440cf7ff92edb7f91bdb9273ffbaabd506f commit bb2f4440cf7ff92edb7f91bdb9273ffbaabd506f Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2019-10-26 23:18:55 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2019-10-26 23:18:55 +0000 dev-vcs/git: sh stable (#697962) -EARCHTESTER_TIMEOUT. Bug: https://bugs.gentoo.org/676262 Package-Manager: Portage-2.3.78, Repoman-2.3.17 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> dev-vcs/git/git-2.21.0.ebuild | 2 +- dev-vcs/git/git-2.23.0-r1.ebuild | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) @ maintainer(s): Please cleanup and drop <dev-vcs/git-2.21.0! The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=05d4cc2c1158ad51c793868a73fad28ba811200f commit 05d4cc2c1158ad51c793868a73fad28ba811200f Author: Lars Wendler <polynomial-c@gentoo.org> AuthorDate: 2019-11-03 15:06:20 +0000 Commit: Lars Wendler <polynomial-c@gentoo.org> CommitDate: 2019-11-03 15:06:38 +0000 dev-vcs/git: Security cleanup Bug: https://bugs.gentoo.org/676262 Package-Manager: Portage-2.3.78, Repoman-2.3.17 Signed-off-by: Lars Wendler <polynomial-c@gentoo.org> dev-vcs/git/Manifest | 3 - dev-vcs/git/git-2.19.2.ebuild | 709 ------------------------------------------ 2 files changed, 712 deletions(-) Repository is clean, all done! |