Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 1329591

Summary: Please update to 2.7.4 fixing CVE-2016-2315, CVE-2016-2324
Product: [Fedora] Fedora Reporter: Christian Stadelmann <fedora>
Component: gitAssignee: Petr Stodulka <pstodulk>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent Docs Contact:
Priority: unspecified    
Version: 24CC: amahdal, awilliam, besser82, c.david86, chrisw, fedora, jbowes, kevin, pstodulk, tflink, tmz
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: AcceptedFreezeException
Fixed In Version: git-2.7.4-1.fc24 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-04-26 16:32:28 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1230434, 1230436    

Description Christian Stadelmann 2016-04-22 10:04:18 UTC 
Description of problem:
On Fedora 24 (updates-testing), git is still at 2.7.3, a 2.7.4 build hasn't been released.

Version-Release number of selected component (if applicable):
git-2.7.3-1.fc24.x86_64

Expected results:
update critical issues

Additional info:
https://bugzilla.redhat.com/show_bug.cgi?id=1317981

Please include the fix for https://bugzilla.redhat.com/show_bug.cgi?id=1289728 too. I don't see why this fix is in rawhide only.
Comment 1 Fedora Blocker Bugs Application 2016-04-22 10:11:07 UTC 
Proposed as a Freeze Exception for 24-beta by Fedora user genodeftest using the blocker tracking app because:

 As many fedora 24 users are developers or testers, CVE-2016-2324 and CVE-2016-2315 have high impact on their workflow. Please fix these bugs ASAP.
Comment 2 Fedora Blocker Bugs Application 2016-04-22 10:19:35 UTC 
Proposed as a Freeze Exception for 24-final by Fedora user genodeftest using the blocker tracking app because:

 As many fedora 24 users are developers or testers, CVE-2016-2324 and CVE-2016-2315 have high impact on their workflow. Please fix these bugs ASAP.
Comment 3 Petr Stodulka 2016-04-22 10:30:00 UTC 
Thanks for notice. It was added to git repository earlier but I haven't checked that has been created new build.
Comment 4 Fedora Update System 2016-04-22 11:19:02 UTC 
git-2.7.4-1.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-8f164810c3
Comment 5 Adam Williamson 2016-04-22 18:03:57 UTC 
+1 FE, critical security issue sure sounds like an FE recipe to me. and I can see people running git from a live image.
Comment 6 Dennis Gilmore 2016-04-22 18:10:49 UTC 
+1 FE what ^^ he said
Comment 7 Kevin Fenzi 2016-04-22 18:26:03 UTC 
+1 FE
Comment 8 Tim Flink 2016-04-22 18:30:02 UTC 
+1 FE. That makes +4, moving to accepted
Comment 9 Fedora Update System 2016-04-23 21:23:15 UTC 
git-2.7.4-1.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-8f164810c3
Comment 10 Fedora Update System 2016-04-26 16:32:23 UTC 
git-2.7.4-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.