Everybody please update their git clients (SECURITY)
Moderator: Oberlus
Git (<=2.26) can be made to leak credentials. git >= 2.26.1 fixes this.
https://github.blog/2020-04-14-git-cred ... announced/
Any code or patches in anything posted here is released under the CC and GPL licences in use for the FO project.
Look, ma... four combat bouts!
Re: Everybody please update their git clients (SECURITY)
Thanks for the notice!
I successfully upgraded my Ubuntu 18.04 git to 2.26.1 by doing this:
Code:
sudo add-apt-repository ppa:git-core/ppa
sudo apt update
sudo apt upgrade
Re: Everybody please update their git clients (SECURITY)
Hm.
Oberlus wrote: Wed Apr 15, 2020 7:51 pm
Thanks for the notice!
I successfully upgraded my Ubuntu 18.04 git to 2.26.1 by doing this:
Code:
sudo add-apt-repository ppa:git-core/ppa
sudo apt update
sudo apt upgrade
I would be pretty sure that Ubuntu 18.04 has fixes available at the time of disclosure... ah, found it: https://usn.ubuntu.com/4329-1/
Code:
Ubuntu 18.04 LTS
git - 1:2.17.1-1ubuntu0.6
Re: Everybody please update their git clients (SECURITY)
Well, I first tried sudo apt upgrade and got 0 updates, so I looked for a newer version. Maybe it got installed automatically a few hours earlier.
If 2.26 causes any trouble I'll revert back. Otherwise I'm ahead of my time.
- adrian_broher
Re: Everybody please update their git clients (SECURITY)
Resident code gremlin
Attached patches are released under GPL 2.0 or later.
Git author: Marcel Metz
Re: Everybody please update their git clients (SECURITY)
Almost missed the link in the first line of the blog post.
adrian_broher wrote: Tue Apr 21, 2020 11:02 pm
The blog article is incomplete:
https://github.com/git/git/security/adv ... -c969-7j4q
Anything specifically important missing?
Re: Everybody please update their git clients (SECURITY)
Uhm... no. Advisory says:
Affected versions
<= 2.17.3, 2.18.2, 2.19.3, 2.20.2, 2.21.1, 2.22.2, 2.23.1, 2.24.1, 2.25.2, 2.26.0
Patched versions
2.17.4, 2.18.3, 2.19.4, 2.20.3, 2.21.2, 2.22.3, 2.23.2, 2.24.2, 2.25.3, 2.26.1
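A way to check a version against the two lists quoted above, per release series rather than as one range (an added example, not code from the thread or from the git project). The function name and output labels are hypothetical; it assumes series newer than 2.26 carry the fix, and it reports package strings such as Ubuntu's 1:2.17.1-1ubuntu0.6 separately because a backported fix does not show in the upstream number.

```shell
#!/bin/sh
# Added example: classify a git version against the advisory's version lists.
# Prints one of: patched | affected | vendor-build | unknown
git_cred_leak_status() {
    v=$1
    case $v in
        '')        echo unknown; return 0 ;;
        *[!0-9.]*) echo vendor-build; return 0 ;;  # e.g. 1:2.17.1-1ubuntu0.6
        *.*)       ;;
        *)         echo unknown; return 0 ;;
    esac
    major=${v%%.*}; rest=${v#*.}
    minor=${rest%%.*}
    case $rest in
        *.*) tail=${rest#*.}; patch=${tail%%.*} ;;
        *)   patch=0 ;;
    esac
    if [ -z "$major" ] || [ -z "$minor" ] || [ -z "$patch" ]; then
        echo unknown; return 0
    fi
    # Everything older than the 2.17 series falls under "<= 2.17.3".
    if [ "$major" -lt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -lt 17 ]; }; then
        echo affected; return 0
    fi
    # Assumption: series released after 2.26 include the fix.
    if [ "$major" -gt 2 ] || [ "$minor" -gt 26 ]; then
        echo patched; return 0
    fi
    # First patched release of each maintained series, from the advisory.
    case $minor in
        17|19)       fixed=4 ;;
        18|20|22|25) fixed=3 ;;
        21|23|24)    fixed=2 ;;
        26)          fixed=1 ;;
    esac
    if [ "$patch" -ge "$fixed" ]; then echo patched; else echo affected; fi
}

# Classify the locally installed client, if there is one.
# A distro build may print a plain upstream number here even when it carries
# a backported fix, so an "affected" result still needs the distro notice.
if command -v git >/dev/null 2>&1; then
    installed=$(git --version | awk '{print $3}')
    echo "git $installed: $(git_cred_leak_status "$installed")"
fi
```

A vendor-build result means the answer comes from the distribution's security notice (for Ubuntu, the USN linked earlier in the thread), not from this comparison.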
Re: Everybody please update their git clients (SECURITY)
Gah! You're right, Ophiuchus.
Re: Everybody please update their git clients (SECURITY)
Hahaha.
I didn't at start. But when I opened that Git's repo issue link I read the versions line as if it was just one (and so I thought that 2.26.1 was preceded by the initial <= for affected versions).