Security update: Git v2.14.1-1

Adam Dinwoodie adam@dinwoodie.org
Mon Aug 14 08:44:00 GMT 2017


Version 2.14.1-1 of Git has been uploaded and should be coming soon to a
mirror near you. This update includes the following packages:

- git
- git-cvs
- git-debuginfo
- git-email
- git-gui
- gitk
- git-p4
- git-svn

This is an update to the latest upstream release, which specifically
fixes CVE-2017-1000117, where a malicious "ssh://..." URL, including one
specified in a .gitmodules file and thus parsed as part of `git clone
--recurse-submodules` or similar, could result in an arbitrary
executable being run on the client system.

For a full list of the upstream changes in this release, please refer to
the upstream changelogs:

https://git.kernel.org/cgit/git/git.git/tree/Documentation/RelNotes
https://kernel.googlesource.com/pub/scm/git/git.git/+/master/Documentation/RelNotes/
https://github.com/gitster/git/tree/master/Documentation/RelNotes

Enjoy!

Adam



More information about the Cygwin-announce mailing list