Date: Tue, 09 Mar 2021 20:27:59 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 254170] devel/git: Update to 2.30.2 Message-ID: <bug-254170-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D254170 Bug ID: 254170 Summary: devel/git: Update to 2.30.2 Product: Ports & Packages Version: Latest Hardware: Any URL: https://public-inbox.org/git/xmqqim6019yd.fsf@gitster. c.googlers.com/T/#u OS: Any Status: New Severity: Affects Only Me Priority: --- Component: Individual Port(s) Assignee: garga@FreeBSD.org Reporter: yasu@utahime.org Flags: maintainer-feedback?(garga@FreeBSD.org) Assignee: garga@FreeBSD.org Created attachment 223132 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D223132&action= =3Dedit Patch file Update to 2.30.2. Release Note: https://public-inbox.org/git/xmqqim6019yd.fsf@gitster.c.googlers.com/T/#u This release contains security fix of CVE-2021-21300. But in the release no= te it is explained as following. * CVE-2021-21300: On case-insensitive file systems with support for symbolic links, if Git is configured globally to apply delay-capable clean/smudge filters (such as Git LFS), Git could be fooled into running remote code during a clone. And it doesn't apply to FreeBSD. So this isn't security update for us. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-254170-7788>