Sync git 1:2.8.1-1 (main) from Debian unstable (main)

Bug #1563336 reported by Gianfranco Costamagna
This bug affects 1 person
Affects        Status         Importance   Assigned to   Milestone
git (Ubuntu)   Fix Released   Wishlist     Unassigned

Bug Description

Please sync git 1:2.8.1-1 (main) from Debian unstable (main)

Explanation of the Ubuntu delta and why it can be dropped:
  * SECURITY UPDATE: New upstream release to fix denial of service or possible
    remote code execution (LP: #1557787)
    + CVE-2016-2324
    + The previous upload only fixed one of the two security issues and 2.7.4
      is needed to address the second
  * New upstream release, with critical security bugfixes (LP: #1557787)

Included in new release.

Changelog entries since current xenial version 1:2.7.4-0ubuntu1:

git (1:2.8.0~rc3-1) unstable; urgency=medium

  * new upstream release candidate (see RelNotes/2.8.0.txt).
    * harden against on-stack and on-heap buffer overflows (CVE-2016-2324,
      CVE-2016-2315; closes: #818318).
  * debian/git.docs: update for README -> README.md renaming.

 -- Jonathan Nieder <email address hidden> Wed, 16 Mar 2016 18:28:12 -0700

Gianfranco Costamagna (costamagnagianfranco) wrote : Re: [Ffe] Sync git 1:2.8.0~rc3-1 (main) from Debian unstable (main)

Here are the changes since 2.7:
https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.8.0.txt

I think it is safe to sync: the new features are confined to newly implemented commands, and the other stuff is bug fixing and performance improvement.

e.g. parallel fetch of git submodules is something that is *really* nice to have :)

Changed in git (Ubuntu):
importance: Undecided → Wishlist
summary: - Sync git 1:2.8.0~rc3-1 (main) from Debian unstable (main)
+ [Ffe] Sync git 1:2.8.0~rc3-1 (main) from Debian unstable (main)
Logan Rosen (logan) wrote :

Unsubscribing ~ubuntu-sponsors. Please only subscribe once there is an ack from the release team.

Gianfranco Costamagna (costamagnagianfranco) wrote :

well, subscribing them again :)

summary: - [Ffe] Sync git 1:2.8.0~rc3-1 (main) from Debian unstable (main)
+ Sync git 1:2.8.1-1 (main) from Debian unstable (main)
description: updated
Martin Pitt (pitti) wrote :

This bug was fixed in the package git - 1:2.8.1-1
Sponsored for LocutusOfBorg (costamagnagianfranco)

---------------
git (1:2.8.1-1) unstable; urgency=low

  * new upstream point release.
  * debian/diff/0003-0007-srv-be-more-tolerant-of-broken-DNS-replies.diff:
    remove.

 -- Jonathan Nieder <email address hidden> Mon, 18 Apr 2016 17:23:33 -0700

git (1:2.8.0~rc3-1) unstable; urgency=medium

  * new upstream release candidate (see RelNotes/2.8.0.txt).
    * harden against on-stack and on-heap buffer overflows (CVE-2016-2324,
      CVE-2016-2315; closes: #818318).
  * debian/git.docs: update for README -> README.md renaming.

 -- Jonathan Nieder <email address hidden> Wed, 16 Mar 2016 18:28:12 -0700

Changed in git (Ubuntu):
status: New → Fix Released