Date: Thu, 21 Jun 2018 18:17:20 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 229217] devel/git vulnerable to CVE-2018-11233 and CVE-2018-11235 in 2018Q2 Message-ID: <bug-229217-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D229217 Bug ID: 229217 Summary: devel/git vulnerable to CVE-2018-11233 and CVE-2018-11235 in 2018Q2 Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Many People Priority: --- Component: Individual Port(s) Assignee: garga@FreeBSD.org Reporter: danmcgrath.ca@gmail.com Flags: maintainer-feedback?(garga@FreeBSD.org) Assignee: garga@FreeBSD.org Hi, I was just wondering if perhaps I missed something, or there is a bug in my poudriere, but is it really the case that git has been vulnerable for 2 CVE= 's for a few weeks now? Any plans to patch it in Q2 (as opposed to waiting for Q3)? Thanks! git-2.16.3 is vulnerable: Git -- Fix memory out-of-bounds and remote code execution vulnerabilities (CVE-2018-11233 and CVE-2018-11235) CVE: CVE-2018-11235 CVE: CVE-2018-11233 WWW: https://vuxml.FreeBSD.org/freebsd/c7a135f4-66a4-11e8-9e63-3085a9a47796.html --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-229217-7788>