Security update: Git v2.14.1-1

Adam Dinwoodie
Mon Aug 14 08:44:00 GMT 2017

Version 2.14.1-1 of Git has been uploaded and should be coming soon to a
mirror near you. This update includes the following packages:

- git
- git-cvs
- git-debuginfo
- git-email
- git-gui
- gitk
- git-p4
- git-svn

This is an update to the latest upstream release, which specifically
fixes CVE-2017-1000117, where a malicious "ssh://..." URL, including one
specified in a .gitmodules file and thus parsed as part of `git clone
--recurse-submodules` or similar, could result in an arbitrary
executable being run on the client system.

For a full list of the upstream changes in this release, please refer to
the upstream changelogs:



More information about the Cygwin-announce mailing list