Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 702296 (CVE-2019-1348, CVE-2019-1349, CVE-2019-1350, CVE-2019-1351, CVE-2019-1352, CVE-2019-1353, CVE-2019-1354, CVE-2019-1387, CVE-2019-19604) - <dev-vcs/git-{2.21.1,2.23.1-r1,2.24.1}: multiple vulnerabilities
Summary: <dev-vcs/git-{2.21.1,2.23.1-r1,2.24.1}: multiple vulnerabilities
Status: IN_PROGRESS
Alias: CVE-2019-1348, CVE-2019-1349, CVE-2019-1350, CVE-2019-1351, CVE-2019-1352, CVE-2019-1353, CVE-2019-1354, CVE-2019-1387, CVE-2019-19604
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: A3 [stable]
Keywords: STABLEREQ
Depends on:
Blocks:
 
Reported: 2019-12-08 18:52 UTC by Thomas Deutschmann
Modified: 2020-02-12 09:35 UTC (History)
3 users (show)

See Also:
Package list:
dev-vcs/git-2.21.1 dev-vcs/git-2.23.1-r1 dev-vcs/git-2.24.1
Runtime testing required: Yes
stable-bot: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Thomas Deutschmann gentoo-dev Security 2019-12-08 18:52:25 UTC
Incoming details.
Comment 1 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2019-12-08 21:42:59 UTC
security:
ACK email CSR-20191210-1. Will try to be available to bump at the embargo time end. Please contact me if it leaks early.
Comment 2 Lars Wendler (Polynomial-C) gentoo-dev 2019-12-08 23:40:52 UTC
Also email ACK. If Robin cannot be present in time I will be his backup.
Comment 3 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2019-12-10 18:59:35 UTC
security:
This appears to have dropped upstream BEFORE the embargo deadline.
Tarballs appeared on the kernel.org mirrors an hour before the deadline, and the commits were visible in repos as of 2019/12/10 07:07 UTC.
Comment 4 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2019-12-10 19:39:56 UTC
commit e2c18c18104d5ef0c65195f6f51af9f8ca861dda contains the bumps.

arches, please test & stabilize:
dev-vcs/git-2.21.1
dev-vcs/git-2.23.1-r1
dev-vcs/git-2.24.1
Comment 5 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2019-12-11 12:52:35 UTC
amd64 stable
Comment 6 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2019-12-11 14:32:19 UTC
arm64 stable
Comment 7 Rolf Eike Beer 2019-12-11 20:03:48 UTC
sparc stable
Comment 8 Sergei Trofimovich gentoo-dev 2019-12-12 21:56:05 UTC
ia64 stable
Comment 9 Thomas Deutschmann gentoo-dev Security 2019-12-13 00:08:55 UTC
x86 stable
Comment 10 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2019-12-24 14:04:53 UTC
arm stable
Comment 11 Sergei Trofimovich gentoo-dev 2019-12-25 21:00:27 UTC
ppc stable
Comment 12 Agostino Sarubbo gentoo-dev 2020-01-03 13:57:51 UTC
s390 stable
Comment 13 Agostino Sarubbo gentoo-dev 2020-02-12 09:35:48 UTC
ppc64 stable