Bug 1329591

Summary: Please update to 2.7.4 fixing CVE-2016-2315, CVE-2016-2324
Product: [Fedora] Fedora Reporter: Christian Stadelmann <fedora>
Component: gitAssignee: Petr Stodulka <pstodulk>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent Docs Contact:
Priority: unspecified    
Version: 24CC: amahdal, awilliam, besser82, c.david86, chrisw, fedora, jbowes, kevin, pstodulk, tflink, tmz
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: AcceptedFreezeException
Fixed In Version: git-2.7.4-1.fc24 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-04-26 16:32:28 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1230434, 1230436, 1317981    

Description Christian Stadelmann 2016-04-22 10:04:18 UTC
Description of problem:
On Fedora 24 (updates-testing), git is still at 2.7.3, a 2.7.4 build hasn't been released.

Version-Release number of selected component (if applicable):
git-2.7.3-1.fc24.x86_64

Expected results:
update critical issues

Additional info:
https://bugzilla.redhat.com/show_bug.cgi?id=1317981

Please include the fix for https://bugzilla.redhat.com/show_bug.cgi?id=1289728 too. I don't see why this fix is in rawhide only.

Comment 1 Fedora Blocker Bugs Application 2016-04-22 10:11:07 UTC
Proposed as a Freeze Exception for 24-beta by Fedora user genodeftest using the blocker tracking app because:

 As many fedora 24 users are developers or testers, CVE-2016-2324 and CVE-2016-2315 have high impact on their workflow. Please fix these bugs ASAP.

Comment 2 Fedora Blocker Bugs Application 2016-04-22 10:19:35 UTC
Proposed as a Freeze Exception for 24-final by Fedora user genodeftest using the blocker tracking app because:

 As many fedora 24 users are developers or testers, CVE-2016-2324 and CVE-2016-2315 have high impact on their workflow. Please fix these bugs ASAP.

Comment 3 Petr Stodulka 2016-04-22 10:30:00 UTC
Thanks for notice. It was added to git repository earlier but I haven't checked that has been created new build.

Comment 4 Fedora Update System 2016-04-22 11:19:02 UTC
git-2.7.4-1.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-8f164810c3

Comment 5 Adam Williamson 2016-04-22 18:03:57 UTC
+1 FE, critical security issue sure sounds like an FE recipe to me. and I can see people running git from a live image.

Comment 6 Dennis Gilmore 2016-04-22 18:10:49 UTC
+1 FE what ^^ he said

Comment 7 Kevin Fenzi 2016-04-22 18:26:03 UTC
+1 FE

Comment 8 Tim Flink 2016-04-22 18:30:02 UTC
+1 FE. That makes +4, moving to accepted

Comment 9 Fedora Update System 2016-04-23 21:23:15 UTC
git-2.7.4-1.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-8f164810c3

Comment 10 Fedora Update System 2016-04-26 16:32:23 UTC
git-2.7.4-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.