Bug 702296 (CVE-2019-1348, CVE-2019-1349, CVE-2019-1350, CVE-2019-1351, CVE-2019-1352, CVE-2019-1353, CVE-2019-1354, CVE-2019-1387, CVE-2019-19604)

Comment 1 Robin Johnson 2019-12-08 21:42:59 UTC

security:
ACK email CSR-20191210-1. Will try to be available to bump at the embargo time end. Please contact me if it leaks early.

Comment 2 Lars Wendler (Polynomial-C) (RETIRED) 2019-12-08 23:40:52 UTC

Also email ACK. If Robin cannot be present in time I will be his backup.

Comment 3 Robin Johnson 2019-12-10 18:59:35 UTC

security:
This appears to have dropped upstream BEFORE the embargo deadline.
Tarballs appeared on the kernel.org mirrors an hour before the deadline, and the commits were visible in repos as of 2019/12/10 07:07 UTC.

Comment 4 Robin Johnson 2019-12-10 19:39:56 UTC

commit e2c18c18104d5ef0c65195f6f51af9f8ca861dda contains the bumps.

arches, please test & stabilize:
dev-vcs/git-2.21.1
dev-vcs/git-2.23.1-r1
dev-vcs/git-2.24.1

Comment 5 Mikle Kolyada (RETIRED) 2019-12-11 12:52:35 UTC

amd64 stable

Comment 6 Aaron Bauman (RETIRED) 2019-12-11 14:32:19 UTC

arm64 stable

Comment 7 Rolf Eike Beer 2019-12-11 20:03:48 UTC

sparc stable

Comment 8 Sergei Trofimovich (RETIRED) 2019-12-12 21:56:05 UTC

ia64 stable

Comment 9 Thomas Deutschmann (RETIRED) 2019-12-13 00:08:55 UTC

x86 stable

Comment 10 Mikle Kolyada (RETIRED) 2019-12-24 14:04:53 UTC

arm stable

Comment 11 Sergei Trofimovich (RETIRED) 2019-12-25 21:00:27 UTC

ppc stable

Comment 12 Agostino Sarubbo 2020-01-03 13:57:51 UTC

s390 stable

Comment 13 Agostino Sarubbo 2020-02-12 09:35:48 UTC

ppc64 stable

Comment 14 Mikle Kolyada (RETIRED) 2020-03-15 12:53:57 UTC

sh stable

Comment 15 Thomas Deutschmann (RETIRED) 2020-03-15 16:52:01 UTC

New GLSA request filed.

Comment 16 GLSAMaker/CVETool Bot 2020-03-15 17:00:45 UTC

This issue was resolved and addressed in
 GLSA 202003-30 at https://security.gentoo.org/glsa/202003-30
by GLSA coordinator Thomas Deutschmann (whissi).