Major Git vulnerability announced; when can we expect an update to the Cygwin git package?

Eliot Moss
Mon Dec 22 15:14:00 GMT 2014

On 12/22/2014 7:06 AM, Adam Dinwoodie wrote:
> On Thu, Dec 18, 2014 at 03:50:52PM -0800, Richard Mehlinger wrote:
>> Git has announced a major vulnerability, allowing attackers to set up
>> a malicious git repository that can be used to take over a client
>> computer:
>> Maintenance releases are already out for current Git versions.
>> My question is: When can we expect an update to the Cygwin git package
>> to address these concerns?
> I'm aware of the vulnerability and intend to publish a new package as
> soon as possible.  A combination of the holiday period, technical
> problems and assorted other real life is making this more difficult than
> I would like, but I expect to get it released by 11 January at the
> absolute latest, and hopefully much sooner than that.

Meanwhile, if you're concerned, I found that the latest git from github
built and installed (to /usr/local/bin, etc.) quite easily.

Regards -- Eliot Moss

Problem reports:
Unsubscribe info:

More information about the Cygwin mailing list