Not a lot of details yet, but it sounds like a serious vuln in git: https://twitter.com/_staaldraad/status/1001542421161930752 https://marc.info/?l=git&m=152761328506724&w=2 Fixes in 2.17.1 and 2.16.4. Please bump.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bddfb756c360f23b5542c580c750558972c9ce50 commit bddfb756c360f23b5542c580c750558972c9ce50 Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2018-05-29 23:28:23 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2018-05-29 23:28:23 +0000 dev-vcs/git: Bump to v2.16.4 & v2.17.1 Bug: https://bugs.gentoo.org/656868 Package-Manager: Portage-2.3.40, Repoman-2.3.9 dev-vcs/git/Manifest | 6 + dev-vcs/git/git-2.16.4.ebuild | 699 +++++++++++++++++++++++++++++++++++++++++ dev-vcs/git/git-2.17.1.ebuild | 715 ++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 1420 insertions(+)
@ Arches, please test and mark stable: =dev-vcs/git-2.16.4
New GLSA request filed.
x86 stable
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=826b0d45dfea7e855ce336f4592acd9a1c9149ac commit 826b0d45dfea7e855ce336f4592acd9a1c9149ac Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2018-05-30 01:29:01 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2018-05-30 01:29:01 +0000 dev-vcs/git: drop vulnerable v2.17.0 version Bug: https://bugs.gentoo.org/656868 Package-Manager: Portage-2.3.40, Repoman-2.3.9 dev-vcs/git/Manifest | 3 - dev-vcs/git/git-2.17.0.ebuild | 715 ------------------------------------------ 2 files changed, 718 deletions(-)
This issue was resolved and addressed in GLSA 201805-13 at https://security.gentoo.org/glsa/201805-13 by GLSA coordinator Thomas Deutschmann (whissi).
Re-opening for remaining architectures.
amd64 stable
alpha, ppc, ppc64 stable
arm64 stable with USE=doc stable masked due to bug 511902
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2a9cab877a3f7d9e0ce36119bf3e42df41f7628a commit 2a9cab877a3f7d9e0ce36119bf3e42df41f7628a Author: Rolf Eike Beer <eike@sf-mail.de> AuthorDate: 2018-05-30 20:59:49 +0000 Commit: Sergei Trofimovich <slyfox@gentoo.org> CommitDate: 2018-05-31 07:50:29 +0000 dev-vcs/git: stable 2.16.4 for sparc Bug: https://bugs.gentoo.org/656868 Package-Manager: Portage-2.3.24, Repoman-2.3.6 RepoMan-Options: --include-arches="sparc" dev-vcs/git/git-2.16.4.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6ecb976eb824d57ac9eb29e3364908e68ffaad86 commit 6ecb976eb824d57ac9eb29e3364908e68ffaad86 Author: Sergei Trofimovich <slyfox@gentoo.org> AuthorDate: 2018-05-31 08:12:18 +0000 Commit: Sergei Trofimovich <slyfox@gentoo.org> CommitDate: 2018-05-31 08:12:18 +0000 dev-vcs/git: stable 2.16.4 for ia64, bug #656868 Bug: https://bugs.gentoo.org/656868 Package-Manager: Portage-2.3.38, Repoman-2.3.9 RepoMan-Options: --include-arches="ia64" dev-vcs/git/git-2.16.4.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
arm stable, please cleanup
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c26dc163049d56571c740e43ceb75b29f3228d5d commit c26dc163049d56571c740e43ceb75b29f3228d5d Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2018-05-31 22:50:50 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2018-05-31 22:51:01 +0000 dev-vcs/git: security cleanup Bug: https://bugs.gentoo.org/656868 Package-Manager: Portage-2.3.40, Repoman-2.3.9 dev-vcs/git/Manifest | 6 - dev-vcs/git/git-2.16.1.ebuild | 699 ------------------------------------------ dev-vcs/git/git-2.16.3.ebuild | 699 ------------------------------------------ 3 files changed, 1404 deletions(-)
All done, repository is clean.
commit 2de66dc405bca6fd81339685153f7937a6a21dcd Author: Jeroen Roovers <jer@gentoo.org> Date: Fri Jun 1 08:51:20 2018 +0200 dev-vcs/git: Stable for HPPA too.
