Ubuntu
git package

Update git because of CVE-2022-23521

Bug #2003204 reported by Jan Bauer
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
git (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

Please provide the latest git for Ubuntu LTS (18, 20 and 22)

The current version appears to be 2.39.1. The versions available from apt seem to be pretty old. We still have some systems with Ubuntu 18 LTS, and I see 2.17.1 there after running sudo apt update && sudo apt upgrade -y

See also: https://github.com/git/git/security/advisories/GHSA-c738-c5qq-xg89

CVE References

Revision history for this message
Bernard Stafford (bernard010) wrote (last edit ):

https://answers.launchpad.net/ubuntu/+source/git/+question/704452
https://launchpad.net/ubuntu/+source/git/1:2.34.1-1ubuntu1.6

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in git (Ubuntu):
status: New → Confirmed
Revision history for this message
Jan Bauer (jankbauer) wrote :

It appears that Canonical does not want to provide a fixed version.

So I decided to change the git source repo, and get a fresh git with:

sudo add-apt-repository ppa:git-core/ppa
sudo apt update
sudo apt install git -y

now check the version with: git --version

and it has 2.39.2, works on Ubuntu 18.04 without issues.

Conclusion: there is no reason to stick at the old git 2.17.1 on that distro.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Related questions

Remote bug watches

Bug watches keep track of this bug in other bug trackers.