|Summary:||Please update to 2.7.4 fixing CVE-2016-2315, CVE-2016-2324|
|Product:||[Fedora] Fedora||Reporter:||Christian Stadelmann <fedora>|
|Component:||git||Assignee:||Petr Stodulka <pstodulk>|
|Status:||CLOSED ERRATA||QA Contact:||Fedora Extras Quality Assurance <extras-qa>|
|Version:||24||CC:||amahdal, awilliam, besser82, c.david86, chrisw, fedora, jbowes, kevin, pstodulk, tflink, tmz|
|Fixed In Version:||git-2.7.4-1.fc24||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2016-04-26 16:32:28 UTC||Type:||Bug|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Cloudforms Team:||---||Target Upstream Version:|
|Bug Depends On:|
|Bug Blocks:||1230434, 1230436, 1317981|
Description Christian Stadelmann 2016-04-22 10:04:18 UTC
Description of problem: On Fedora 24 (updates-testing), git is still at 2.7.3, a 2.7.4 build hasn't been released. Version-Release number of selected component (if applicable): git-2.7.3-1.fc24.x86_64 Expected results: update critical issues Additional info: https://bugzilla.redhat.com/show_bug.cgi?id=1317981 Please include the fix for https://bugzilla.redhat.com/show_bug.cgi?id=1289728 too. I don't see why this fix is in rawhide only.
Comment 1 Fedora Blocker Bugs Application 2016-04-22 10:11:07 UTC
Proposed as a Freeze Exception for 24-beta by Fedora user genodeftest using the blocker tracking app because: As many fedora 24 users are developers or testers, CVE-2016-2324 and CVE-2016-2315 have high impact on their workflow. Please fix these bugs ASAP.
Comment 2 Fedora Blocker Bugs Application 2016-04-22 10:19:35 UTC
Proposed as a Freeze Exception for 24-final by Fedora user genodeftest using the blocker tracking app because: As many fedora 24 users are developers or testers, CVE-2016-2324 and CVE-2016-2315 have high impact on their workflow. Please fix these bugs ASAP.
Comment 3 Petr Stodulka 2016-04-22 10:30:00 UTC
Thanks for notice. It was added to git repository earlier but I haven't checked that has been created new build.
Comment 4 Fedora Update System 2016-04-22 11:19:02 UTC
git-2.7.4-1.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-8f164810c3
Comment 5 Adam Williamson 2016-04-22 18:03:57 UTC
+1 FE, critical security issue sure sounds like an FE recipe to me. and I can see people running git from a live image.
Comment 6 Dennis Gilmore 2016-04-22 18:10:49 UTC
+1 FE what ^^ he said
Comment 7 Kevin Fenzi 2016-04-22 18:26:03 UTC
Comment 8 Tim Flink 2016-04-22 18:30:02 UTC
+1 FE. That makes +4, moving to accepted
Comment 9 Fedora Update System 2016-04-23 21:23:15 UTC
git-2.7.4-1.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-8f164810c3
Comment 10 Fedora Update System 2016-04-26 16:32:23 UTC
git-2.7.4-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.