ius-coredev team mailing list archive

Thread
Date

[Bug 1404410] Re: Update Request - git2u - For CVE-2014-9390 git client vulnerability

To: ius-coredev@xxxxxxxxxxxxxxxxxxx
From: Carl George <carl.george@xxxxxxxxxxxxx>
Date: Sun, 21 Dec 2014 21:10:05 -0000
Reply-to: Bug 1404410 <1404410@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

We updated this package the same day that vulnerability was announced.

https://github.com/iuscommunity-
pkg/git2u/commit/b1c7d873a2913c99d0a7385deab9bb20eee6b335

It is currently in our testing repos.  You can update to it with the
following command.

yum --enablerepo=ius-testing update git2u

We normally leave packages in the testing repos for two weeks, but we
will move them to stable sooner when CVE's are involved.  I have tagged
this package to move to the stable repos tonight.  It may take up to 24
hours to sync to all mirrors.

** Changed in: ius
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of IUS Core
Development, which is subscribed to IUS Community Project.
https://bugs.launchpad.net/bugs/1404410

Title:
  Update Request - git2u - For CVE-2014-9390 git client vulnerability

Status in IUS Community Project:
  Fix Released

Bug description:
  Please update the git2u package for CentOS 6 to mitgate the reported
  git client vulnerability in CVE-2014-9390, see
  http://article.gmane.org/gmane.linux.kernel/1853266.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ius/+bug/1404410/+subscriptions

References

[Bug 1404410] [NEW] Update Request - git2u - For CVE-2014-9390 git client vulnerability
From: Marc Zampetti, 2014-12-19