Summary: | <dev-vcs/git-{2.35.5, 2.37.4, 2.38.1}: Multiple vulnerabilities | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | normal | CC: | bertrand, robbat2 |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=931941 | | |
Whiteboard: | ?? [glsa+] | | |
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 877571 | | |
Bug Blocks: | | | |
Description
Sam James
2022-10-18 17:35:32 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c16537f9b0375835920b82c9f506456dd3d47f44

commit c16537f9b0375835920b82c9f506456dd3d47f44
Author: Robin H. Johnson <robbat2@gentoo.org>
AuthorDate: 2022-10-18 17:55:44 +0000
Commit: Robin H. Johnson <robbat2@gentoo.org>
CommitDate: 2022-10-18 17:57:39 +0000

    dev-vcs/git: bump for security: CVE 2022-39253, CVE 2022-39260

    Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
    Bug: https://bugs.gentoo.org/show_bug.cgi?id=877565

 dev-vcs/git/Manifest | 9 +
 dev-vcs/git/git-2.35.5.ebuild | 641 +++++++++++++++++++++++++++++++++++++++++
 dev-vcs/git/git-2.37.4.ebuild | 647 +++++++++++++++++++++++++++++++++++++++++
 dev-vcs/git/git-2.38.1.ebuild | 657 ++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 1954 insertions(+)

Hmm, how come some of these fixed versions got dropped just now, after being stabilized for over a week?

Nuked the wrong ones by mistake? Seems like 2.35.5 and 2.37.4 should have been kept while 2.37.3 should have been dropped, unless I'm missing something…?

https://gitweb.gentoo.org/repo/gentoo.git/commit/dev-vcs/git?id=e12290707327a6489359e967486570d4b6b0307a

(In reply to Michael Moon from comment #2)
> Hmm, how come some of these fixed versions got dropped just now, after being
> stabilized for over a week?
>
> Nuked the wrong ones by mistake? Seems like 2.35.5 and 2.37.4 should have
> been kept while 2.37.3 should have been dropped, unless I'm missing
> something…?
>
> https://gitweb.gentoo.org/repo/gentoo.git/commit/dev-vcs/git?id=e12290707327a6489359e967486570d4b6b0307a

Fixed just a moment ago: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=128f0d0b967059c5564bb96efee2586b84c2f83d

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=2c2ec5453e20060d4ec1717825d2874f0e663f91

commit 2c2ec5453e20060d4ec1717825d2874f0e663f91
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-12-27 07:49:08 +0000
Commit: Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-12-27 07:49:42 +0000

    [ GLSA 202312-15 ] Git: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/838127
    Bug: https://bugs.gentoo.org/857831
    Bug: https://bugs.gentoo.org/877565
    Bug: https://bugs.gentoo.org/891221
    Bug: https://bugs.gentoo.org/894472
    Bug: https://bugs.gentoo.org/905088
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202312-15.xml | 57 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 57 insertions(+)