Re: Git Vulnerability Announced?
On Thu, May 31, 2018 at 04:00:38PM +, Erika Voss wrote: > Yes here is what was sent to me - > > https://www.theregister.co.uk/2018/05/30/git_vulnerability_could_lead_to_an_attack_of_the_repo_clones/ > https://www.debian.org/security/2018/dsa-4212 Yeah, the release announcement from the project is at: https://public-inbox.org/git/xmqqy3g2flb6@gitster-ct.c.googlers.com/ > The one that I could find from online was: > https://git-scm.com/download/mac > > But, the latest version available on this site was 2.17.0, which does > not include the security patch. The binary installs for MacOS are done by a third party, and sometimes lag the source releases. You can build it from source yourself, either from a tarball: https://git.kernel.org/pub/software/scm/git/git-2.17.1.tar.gz or by cloning with git: https://kernel.org/pub/scm/git/git.git There are some instructions in the INSTALL file, which you can also read online: https://github.com/git/git/blob/master/INSTALL You can also use Homebrew to install, which usually updates to new versions pretty promptly: https://brew.sh/ -Peff
Re: Git Vulnerability Announced?
Hi Randall, Yes here is what was sent to me - https://www.theregister.co.uk/2018/05/30/git_vulnerability_could_lead_to_an_attack_of_the_repo_clones/ https://www.debian.org/security/2018/dsa-4212 The one that I could find from online was: https://git-scm.com/download/mac But, the latest version available on this site was 2.17.0, which does not include the security patch. Thank you, Erika On 5/31/18, 8:59 AM, "Randall S. Becker" wrote: On May 31, 2018 11:57 AM, Erika Voss wrote: > There was an article I came across yesterday identifying a vulnerability to > patch our Git environments. I don’t see one that is available for our Mac > Clients - is there a more recent one that I can download that is available to > patch the 2.17.0 version? Do you have a reference, CVE number, or other information about this vulnerability? Cheers, Randall -- Brief whoami: NonStop developer since approximately 2112884442 UNIX developer since approximately 421664400 -- In my real life, I talk too much.
RE: Git Vulnerability Announced?
On May 31, 2018 11:57 AM, Erika Voss wrote: > There was an article I came across yesterday identifying a vulnerability to > patch our Git environments. I don’t see one that is available for our Mac > Clients - is there a more recent one that I can download that is available to > patch the 2.17.0 version? Do you have a reference, CVE number, or other information about this vulnerability? Cheers, Randall -- Brief whoami: NonStop developer since approximately 2112884442 UNIX developer since approximately 421664400 -- In my real life, I talk too much.
