From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <cygwin-announce-return-8222-listarch-cygwin-announce=sources.redhat.com@cygwin.com>
Received: (qmail 124166 invoked by alias); 14 Aug 2017 08:44:13 -0000
Mailing-List: contact cygwin-announce-help@cygwin.com; run by ezmlm
Precedence: bulk
List-Id: <cygwin-announce.cygwin.com>
List-Subscribe: <mailto:cygwin-announce-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin-announce/>
List-Post: <mailto:cygwin-announce@cygwin.com>
List-Help: <mailto:cygwin-announce-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-announce-owner@cygwin.com
Reply-To: The Cygwin Mailing List <cygwin@cygwin.com>
Mail-Followup-To: cygwin-announce@cygwin.com
Received: (qmail 5044 invoked by uid 89); 14 Aug 2017 08:33:41 -0000
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-1.6 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_NONE,RCVD_IN_SORBS_SPAM,SPF_PASS autolearn=no version=3.3.2 spammy=sk:kernel., H*F:U*adam, enjoy, H*Ad:U*cygwin-announce
X-HELO: mail-wr0-f171.google.com
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:date:from:to:subject:message-id:mime-version
         :content-disposition:user-agent;
        bh=R+6alfCz/Rv27SD8/ridzBlZVLJ0Jc3029D7m6YjqZI=;
        b=GwIF3SRMxAcVKceGoJuW/rYSqtxriYbe0PNpoVh8FTe05MGGuvqpeP+pS5JLr3c6G+
         spkuuDIqqNO/yp1XvQvN9jWVA/MLeKQPjqBWvRIxWCHnzVcoQnhlmwlwlRILBOjiWqZU
         OywxdVPLtX5RDkyX9mKstd9IG2xHqM7ogeR83OIVB7ur8E8v1RgMbP/++0yA4ADiHuPr
         s7LzWQON9SK/8foxLleEBPRIyjTQG9KOWyVM3AYFA34Z3cLEYfG17w8uvD840oKxGZnD
         c2zvJVjMnaafasqoE6JkWoyDSsav85ecgweJyGwxyQlbPuhhamSrKs0/jMPM+h9sdqQQ
         Z6tQ==
X-Gm-Message-State: AHYfb5heAb6uP5IEM6SyXgHG1gJ1w4Rxe4LNiI2So6i9kf3IaL5BRhrE
	n2pr0m4EtW1YSdegi8k4HQ==
X-Received: by 10.223.163.199 with SMTP id m7mr15845809wrb.128.1502699607519;
        Mon, 14 Aug 2017 01:33:27 -0700 (PDT)
Date: Mon, 14 Aug 2017 08:44:00 -0000
From: Adam Dinwoodie <adam@dinwoodie.org>
To: cygwin-announce@cygwin.com
Subject: Security update: Git v2.14.1-1
Message-ID: <20170814083324.GG32640@dinwoodie.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.24 (2015-08-30)
X-SW-Source: 2017-08/txt/msg00010.txt.bz2

Version 2.14.1-1 of Git has been uploaded and should be coming soon to a
mirror near you. This update includes the following packages:

- git
- git-cvs
- git-debuginfo
- git-email
- git-gui
- gitk
- git-p4
- git-svn

This is an update to the latest upstream release, which specifically
fixes CVE-2017-1000117, where a malicious "ssh://..." URL, including one
specified in a .gitmodules file and thus parsed as part of `git clone
--recurse-submodules` or similar, could result in an arbitrary
executable being run on the client system.

For a full list of the upstream changes in this release, please refer to
the upstream changelogs:

https://git.kernel.org/cgit/git/git.git/tree/Documentation/RelNotes
https://kernel.googlesource.com/pub/scm/git/git.git/+/master/Documentation/RelNotes/
https://github.com/gitster/git/tree/master/Documentation/RelNotes

Enjoy!

Adam