From: Akihiko Kawaguchi <a@k7i.jp>
To: cygwin@cygwin.com
Subject: Re: Question on CVE-2018-11235
Date: Fri, 20 Jul 2018 08:51:00 -0000 [thread overview]
Message-ID: <20180720120255.7CAA.F7B0B048@k7i.jp> (raw)
In-Reply-To: <CA+kUOamqSYO7Z=0hsZrRsEqBpDFvG_JYc1vwyaTahTWh9iUxLw@mail.gmail.com>
Adam,
Thank you so much for your prompt reply, and your contribution to git
package maintenance.
I hope your personal life goes well.
I will check your advice.
Best Regards,
Kawaguchi
On Thu, 19 Jul 2018 13:38:51 +0100
Adam Dinwoodie <adam@dinwoodie.org> wrote:
> On Thu, 19 Jul 2018 at 08:56, Akihiko Kawaguchi wrote:
> > Hello,
> >
> > Does anyone know when git client package to fix the following
> > vulnerability will be released for Cygwin?
> >
> > https://nvd.nist.gov/vuln/detail/CVE-2018-11235
> >
> > Currently, all the versions I can choose on Cygwin installer are
> > 2.16.1-1, 2.16.2-1 or 2.17.0-1.
>
> I'm afraid personal life has got in the way of me producing a more
> up-to-date version of Git since the versions you've found. I'll
> produce a new release when I get the chance, but I don't want to
> commit to any particular dates at this point.
>
> In the meantime, I'd suggest either not cloning untrusted repositories
> while using the `--recurse-submodules` option (or, as general security
> practice, not cloning untrusted repositories at all), or compiling Git
> locally yourself.
>
> As a general point, if people want to compile Git themselves, it's
> normally straightforward, either using the upstream Git sources, or
> using the Cygport packaging sources from
> https://github.com/me-and/Cygwin-Git. I only haven't released it
> myself because I have a higher bar for making sure the test suite
> passes and so forth for something that'll be used by a significant
> chunk of the Cygwin user base, than for something that's only going to
> be used by me.
>
> Adam
> Your local friendly Git package maintainer
>
> --
> Problem reports: http://cygwin.com/problems.html
> FAQ: http://cygwin.com/faq/
> Documentation: http://cygwin.com/docs.html
> Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
prev parent reply other threads:[~2018-07-20 3:03 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-07-19 15:20 Akihiko Kawaguchi
2018-07-19 17:07 ` Adam Dinwoodie
2018-07-20 8:51 ` Akihiko Kawaguchi [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180720120255.7CAA.F7B0B048@k7i.jp \
--to=a@k7i.jp \
--cc=cygwin@cygwin.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).