On Wed, 27 Sep 2017 09:06:08 -0600 (MDT), Daniel Jakots
<d...@openbsd.org> wrote:

> CVSROOT:      /cvs
> Module name:  ports
> Changes by:   d...@cvs.openbsd.org    2017/09/27 09:06:08
> 
> Modified files:
>       devel/git      : Makefile distinfo 
>       devel/git/patches: patch-Makefile patch-gitweb_gitweb_perl 
>                          patch-t_test-lib_sh 
> Removed files:
>       devel/git/patches: patch-t_t0001-init_sh 
>                          patch-t_t4062-diff-pickaxe_sh 
>                          patch-t_t7004-tag_sh 
> 
> Log message:
> Security update to git-2.14.2
> 
> The `git` subcommand `cvsserver` is a Perl script which makes
> excessive use of the backtick operator to invoke `git`. Unfortunately
> user input is used within some of those invocations.
> http://seclists.org/oss-sec/2017/q3/att-534/git_cvsserver.txt
> 
> ok benoit@ (maintainer), "Fix should go in" sthen@
> 

Oops, I forgot to mention it was tested by Jacqueline Jolicoeur and
Matthew Martin. Thanks a lot!
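
The pattern named in the quoted log message (Perl backticks whose command string contains user input), shown beside a shell-free form. This is an added example, not code from git-cvsserver or from the commit; `echo` stands in for `git`, and the function names and the input value are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed input standing in for a value received from a client.
my $user_value = 'HEAD; echo INJECTED';

# Stand-in for the real program (assumption), so this runs without a repository.
my $cmd = 'echo';

# Pattern the log message describes: the value is interpolated into a
# backtick string, so /bin/sh parses it and ';' starts a second command.
sub run_backtick {
    my ($value) = @_;
    return `$cmd log $value`;
}

# Hardened form: list-form pipe open hands each argument directly to
# exec() with no shell involved, and '--' keeps the value from being
# read as an option by the invoked program.
sub run_list {
    my ($value) = @_;
    open(my $fh, '-|', $cmd, 'log', '--', $value)
        or die "cannot run $cmd: $!";
    local $/;                      # slurp all output at once
    my $out = <$fh>;
    close($fh) or die "$cmd exited with status $?";
    return $out;
}

print "backtick: ", run_backtick($user_value);
print "list:     ", run_list($user_value);
```

In the backtick call the shell splits the value at `;`, while the list form delivers the whole string as one argument.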
