GNU bug report logs - #61583
[PATCH] gnu: git: Update to 2.39.2 [fixes CVE-2023-22490 & CVE-2023-23946].

Previous Next

Package: guix-patches;

Reported by: Greg Hogan <code <at> greghogan.com>

Date: Fri, 17 Feb 2023 18:05:01 UTC

Severity: normal

Tags: patch

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Josselin Poiret <dev <at> jpoiret.xyz>
To: Leo Famulari <leo <at> famulari.name>, Simon Tournier <zimon.toutoune <at> gmail.com>
Cc: 61583 <at> debbugs.gnu.org, Greg Hogan <code <at> greghogan.com>
Subject: [bug#61583] [PATCH] gnu: git: Update to 2.39.2 [fixes CVE-2023-22490 & CVE-2023-23946].
Date: Sat, 04 Mar 2023 11:30:57 +0100

[Message part 1 (text/plain, inline)]

Hi Leo,

Leo Famulari <leo <at> famulari.name> writes:

> That's not a significant number of packages.
>
> Overall, git and git-minimal will cause more than 300 rebuilds, but not
> too many for the current state of the build farm.
>
> Concretely, why can't we push this to master immediately?

`guix refresh` is not great for core packages: it only detects things
that depend on other packages through inputs. Here though, git is used
indirectly by git-fetch origins, and would affect the dependency graph a
lot more.  I think this should be grafted to avoid too many rebuilds,
and ungrafted on core-updates (maybe now, maybe after the big
core-updates merge).

Best,
-- 
Josselin Poiret

[signature.asc (application/pgp-signature, inline)]

This bug report was last modified 2 years and 77 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #61583 [PATCH] gnu: git: Update to 2.39.2 [fixes CVE-2023-22490 & CVE-2023-23946].

GNU bug report logs - #61583
[PATCH] gnu: git: Update to 2.39.2 [fixes CVE-2023-22490 & CVE-2023-23946].