GNU bug report logs - #61583
[PATCH] gnu: git: Update to 2.39.2 [fixes CVE-2023-22490 & CVE-2023-23946].

Previous Next

Package: guix-patches;

Reported by: Greg Hogan <code <at> greghogan.com>

Date: Fri, 17 Feb 2023 18:05:01 UTC

Severity: normal

Tags: patch

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
To: 61583 <at> debbugs.gnu.org
Cc: dev <at> jpoiret.xyz, zimon.toutoune <at> gmail.com, me <at> tobias.gr, code <at> greghogan.com, leo <at> famulari.name
Subject: [bug#61583] [PATCH] gnu: git: Update to 2.39.2 [fixes CVE-2023-22490 & CVE-2023-23946].
Date: Mon, 06 Mar 2023 07:54:12 -0500

Hi,

Tobias Geerinckx-Rice via Guix-patches via <guix-patches <at> gnu.org>
writes:

> Leo Famulari 写道：
>> I'm AFK, only have my phone today . But, please try updating Git and
>> check if the fixed-output source derivations change.
>
> …and if not, shall we agree to push this?  (It's a yes from me, dog.)
>
> Kind regards,

As long as it doesn't touch git-minimal/fixed, we should be OK,
otherwise it causes thousands of rebuilds (see the revert of
8a9bf794e184934e1432f25f4954117d4b46f655, where I got bitten by this).

I don't recall why it causes so many rebuilds.

-- 
Thanks,
Maxim

This bug report was last modified 2 years and 77 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #61583 [PATCH] gnu: git: Update to 2.39.2 [fixes CVE-2023-22490 & CVE-2023-23946].

GNU bug report logs - #61583
[PATCH] gnu: git: Update to 2.39.2 [fixes CVE-2023-22490 & CVE-2023-23946].