On Thu, Dec 18, 2014 at 03:50:52PM -0800, Richard Mehlinger wrote: > Git has announced a major vulnerability, allowing attackers to set up > a malicious git repository that can be used to take over a client > computer: > https://github.com/blog/1938-vulnerability-announced-update-your-git-clients. > Maintenance releases are already out for current Git versions. > > My question is: When can we expect an update to the Cygwin git package > to address these concerns?
I'm aware of the vulnerability and intend to publish a new package as soon as possible. A combination of the holiday period, technical problems and assorted other real life is making this more difficult than I would like, but I expect to get it released by 11 January at the absolute latest, and hopefully much sooner than that. Adam -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
