If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

deploy git server update to mitigate CVE-2014-9390

RESOLVED FIXED

Status

Developer Services
Git
RESOLVED FIXED
3 years ago
3 years ago

People

(Reporter: hwine, Assigned: bkero)

Tracking

Details

(Reporter)

Description

3 years ago
2.2.1 addresses an RCE on windows & mac clients

http://article.gmane.org/gmane.linux.kernel/1853266 for announce. Packages not yet available.

Comment 1

3 years ago
We don't need a confidential bug for a released vuln (I think).
Group: mozilla-employee-confidential

Comment 2

3 years ago
We don't need 2.2.1. All the major Git branches received updates today. As talked about in #vcs, we should stay inside the current release branch and not cross version boundaries.
Summary: deploy git server update to 2.2.1 or later → deploy git server update to mitigate CVE-2014-9390
(Assignee)

Comment 3

3 years ago
Built and deployed git 1.9.5 on git1 and git2.
Assignee: nobody → bkero
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → FIXED
(Assignee)

Comment 4

3 years ago
Additionally, 2.2.1 packages were built and put into mrepo, but not deployed.
You need to log in before you can comment on or make changes to this bug.