Bug 1329591 - Please update to 2.7.4 fixing CVE-2016-2315, CVE-2016-2324
Summary: Please update to 2.7.4 fixing CVE-2016-2315, CVE-2016-2324
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: git
Version: 24
Hardware: Unspecified
OS: Unspecified
unspecified
urgent
Target Milestone: ---
Assignee: pstodulk
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: AcceptedFreezeException
Keywords:
Depends On:
Blocks: F24BetaFreezeException F24FinalFreezeException CVE-2016-2315, CVE-2016-2324
TreeView+ depends on / blocked
 
Reported: 2016-04-22 10:04 UTC by Christian Stadelmann
Modified: 2016-04-26 16:32 UTC (History)
11 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2016-04-26 16:32:28 UTC


Attachments (Terms of Use)

Description Christian Stadelmann 2016-04-22 10:04:18 UTC
Description of problem:
On Fedora 24 (updates-testing), git is still at 2.7.3, a 2.7.4 build hasn't been released.

Version-Release number of selected component (if applicable):
git-2.7.3-1.fc24.x86_64

Expected results:
update critical issues

Additional info:
https://bugzilla.redhat.com/show_bug.cgi?id=1317981

Please include the fix for https://bugzilla.redhat.com/show_bug.cgi?id=1289728 too. I don't see why this fix is in rawhide only.

Comment 1 Fedora Blocker Bugs Application 2016-04-22 10:11:07 UTC
Proposed as a Freeze Exception for 24-beta by Fedora user genodeftest using the blocker tracking app because:

 As many fedora 24 users are developers or testers, CVE-2016-2324 and CVE-2016-2315 have high impact on their workflow. Please fix these bugs ASAP.

Comment 2 Fedora Blocker Bugs Application 2016-04-22 10:19:35 UTC
Proposed as a Freeze Exception for 24-final by Fedora user genodeftest using the blocker tracking app because:

 As many fedora 24 users are developers or testers, CVE-2016-2324 and CVE-2016-2315 have high impact on their workflow. Please fix these bugs ASAP.

Comment 3 pstodulk 2016-04-22 10:30:00 UTC
Thanks for notice. It was added to git repository earlier but I haven't checked that has been created new build.

Comment 4 Fedora Update System 2016-04-22 11:19:02 UTC
git-2.7.4-1.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-8f164810c3

Comment 5 Adam Williamson 2016-04-22 18:03:57 UTC
+1 FE, critical security issue sure sounds like an FE recipe to me. and I can see people running git from a live image.

Comment 6 Dennis Gilmore 2016-04-22 18:10:49 UTC
+1 FE what ^^ he said

Comment 7 Kevin Fenzi 2016-04-22 18:26:03 UTC
+1 FE

Comment 8 Tim Flink 2016-04-22 18:30:02 UTC
+1 FE. That makes +4, moving to accepted

Comment 9 Fedora Update System 2016-04-23 21:23:15 UTC
git-2.7.4-1.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-8f164810c3

Comment 10 Fedora Update System 2016-04-26 16:32:23 UTC
git-2.7.4-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.