GNU bug report logs - #61583
[PATCH] gnu: git: Update to 2.39.2 [fixes CVE-2023-22490 & CVE-2023-23946].

Previous Next

Package: guix-patches;

Reported by: Greg Hogan <code <at> greghogan.com>

Date: Fri, 17 Feb 2023 18:05:01 UTC

Severity: normal

Tags: patch

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Tobias Geerinckx-Rice <me <at> tobias.gr>
To: Simon Tournier <zimon.toutoune <at> gmail.com>
Cc: Josselin Poiret <dev <at> jpoiret.xyz>, 61583 <at> debbugs.gnu.org, Mathieu Othacehe <othacehe <at> gnu.org>, Ludovic Courtès <ludo <at> gnu.org>, Christopher Baines <mail <at> cbaines.net>, Greg Hogan <code <at> greghogan.com>, Ricardo Wurmus <rekado <at> elephly.net>
Subject: [bug#61583] [PATCH] gnu: git: Update to 2.39.2 [fixes CVE-2023-22490 & CVE-2023-23946].
Date: Fri, 03 Mar 2023 20:33:59 +0100

[Message part 1 (text/plain, inline)]
Hi,

I'd ask ‘why can we not simply graft this’ but…

Simon Tournier 写道:
>> As noticed previously for an update of Git, this implies a lot 
>> of
>> rebuilds because git-minimal inherits from git.
>
> Well, I locally rebuilt all and maybe a couple of packages 
> break.  The
> rebuild is intensive and I do not know if such update should to 
> master
> or core-updates and/or use some grafts.

Packages that built with .1 break with .2?  That's not a very 
semantic versioning :-/

What broke?  Then I can test just those.

Kind regards,

T G-R

[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 2 years and 77 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.