[ATTN Maintainers] CVEs rsync 6 git 2

Brian Inglis via Cygwin-apps Fri, 24 Jan 2025 09:54:25 -0800

*rsync* Cygwin current stable release has *6 CVEs* against it


        https://seclists.org/oss-sec/2025/q1/16

        https://kb.cert.org/vuls/id/952657

        https://download.samba.org/pub/rsync/NEWS#3.4.1

*git*   Cygwin current stable release has *2 CVEs* against it

        https://seclists.org/oss-sec/2025/q1/17

https://github.com/git/git/commit/7725b8100ffbbff2750ee4d61a0fcc1f53a086e8
https://github.com/git/git/commit/c903985bf7e772e2d08275c1a95c8a55ab011577
https://github.com/git/git/commit/b01b9b81d36759cdcd07305e78765199e1bc2060
https://github.com/git/git/commit/08756131a3b7038a60365ae56804cea4301082a9

Git seems to bury these CVE notes and fixes in commits vs 2.40.4, then mergesthe fixes up into newer releases, with release notes that only refer to theprevious release notes, in a long chain!

It looks like 2.48.1 contains all recent fixes, including the fixes-to-fixes.

Please update promptly to latest fixed upstream releases as these products maybe used across firewalls.


--
Take care. Thanks, Brian Inglis              Calgary, Alberta, Canada

La perfection est atteinte                   Perfection is achieved
non pas lorsqu'il n'y a plus rien à ajouter  not when there is no more to add
mais lorsqu'il n'y a plus rien à retrancher  but when there is no more to cut
                                -- Antoine de Saint-Exupéry

[ATTN Maintainers] CVEs *rsync* 6 *git* 2

Reply via email to

[ATTN Maintainers] CVEs rsync 6 git 2