GNU bug report logs - #55001
[PATCH] gnu: git: Update to 2.35.2 [fixes CVE-2022-24765].

Previous Next

Package: guix-patches;

Reported by: Zhu Zihao <all_but_last <at> 163.com>

Date: Mon, 18 Apr 2022 13:44:01 UTC

Severity: normal

Tags: patch

Done: Mathieu Othacehe <othacehe <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

Message #14 received at 55001 <at> debbugs.gnu.org (full text, mbox):

From: Zhu Zihao <all_but_last <at> 163.com>
To: Greg Hogan <code <at> greghogan.com>
Cc: 55001 <at> debbugs.gnu.org
Subject: Re: [bug#55001] [PATCH] gnu: git: Update to 2.35.2 [fixes
 CVE-2022-24765].
Date: Tue, 19 Apr 2022 00:02:40 +0800

[Message part 1 (text/plain, inline)]

Greg Hogan <code <at> greghogan.com> writes:

> Hi Zihao,
>
> Is this not a Windows-only vulnerability and bugfix release (also CVE-2022-24767)?
>
> Greg
>
> On Mon, Apr 18, 2022 at 9:44 AM Zhu Zihao <all_but_last <at> 163.com> wrote:
>
>  -- 
>  Retrieve my PGP public key:
>
>    gpg --recv-keys D47A9C8B2AE3905B563D9135BE42B352A9F6821F
>
>  Zihao

Hi.

https://www.phoronix.com/scan.php?page=news_item&px=Git-CVE-2022-24765

This article says "likely due to only affect Microsoft Windows". I
haven't test this CVE on *nix systems.

If it doesn't affect Guix systems, should I remove "[fixes
CVE-2022-24765]" in the git commit message or leave it there?

-- 
Retrieve my PGP public key:

  gpg --recv-keys D47A9C8B2AE3905B563D9135BE42B352A9F6821F

Zihao

[signature.asc (application/pgp-signature, inline)]

This bug report was last modified 3 years and 29 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #55001 [PATCH] gnu: git: Update to 2.35.2 [fixes CVE-2022-24765].

GNU bug report logs - #55001
[PATCH] gnu: git: Update to 2.35.2 [fixes CVE-2022-24765].