GNU bug report logs - #61583
[PATCH] gnu: git: Update to 2.39.2 [fixes CVE-2023-22490 & CVE-2023-23946].

Previous Next

Package: guix-patches;

Reported by: Greg Hogan <code <at> greghogan.com>

Date: Fri, 17 Feb 2023 18:05:01 UTC

Severity: normal

Tags: patch

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.

Full log

Message #38 received at 61583 <at> debbugs.gnu.org (full text, mbox):

From: Josselin Poiret <dev <at> jpoiret.xyz>
To: Leo Famulari <leo <at> famulari.name>, zimoun <zimon.toutoune <at> gmail.com>
Cc: 61583 <at> debbugs.gnu.org, Greg Hogan <code <at> greghogan.com>
Subject: Re: [bug#61583] [PATCH] gnu: git: Update to 2.39.2 [fixes
 CVE-2023-22490 & CVE-2023-23946].
Date: Sat, 04 Mar 2023 18:52:58 +0100

[Message part 1 (text/plain, inline)]

Hi Leo,

"Leo Famulari" <leo <at> famulari.name> writes:

> Changing the Git package shouldn't affect fixed-output derivations that fetch from Git. If they do, that's a recent and very serious bug.

Whoops, you're right, I completely ignored that.  I agree with you and
Tobias about pushing to master immediately then!

Best,
-- 
Josselin Poiret

[signature.asc (application/pgp-signature, inline)]

This bug report was last modified 2 years and 77 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #61583 [PATCH] gnu: git: Update to 2.39.2 [fixes CVE-2023-22490 & CVE-2023-23946].

GNU bug report logs - #61583
[PATCH] gnu: git: Update to 2.39.2 [fixes CVE-2023-22490 & CVE-2023-23946].