Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1329591 - Please update to 2.7.4 fixing CVE-2016-2315, CVE-2016-2324
Summary: Please update to 2.7.4 fixing CVE-2016-2315, CVE-2016-2324
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: git
Version: 24
Hardware: Unspecified
OS: Unspecified
unspecified
urgent
Target Milestone: ---
Assignee: Petr Stodulka
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: AcceptedFreezeException
Depends On:
Blocks: F24BetaFreezeException F24FinalFreezeException
TreeView+ depends on / blocked
 
Reported: 2016-04-22 10:04 UTC by Christian Stadelmann
Modified: 2016-04-26 16:32 UTC (History)
11 users (show)

Fixed In Version: git-2.7.4-1.fc24
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-04-26 16:32:28 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)

Description Christian Stadelmann 2016-04-22 10:04:18 UTC 
Description of problem:
On Fedora 24 (updates-testing), git is still at 2.7.3, a 2.7.4 build hasn't been released.

Version-Release number of selected component (if applicable):
git-2.7.3-1.fc24.x86_64

Expected results:
update critical issues

Additional info:
https://bugzilla.redhat.com/show_bug.cgi?id=1317981

Please include the fix for https://bugzilla.redhat.com/show_bug.cgi?id=1289728 too. I don't see why this fix is in rawhide only.
Comment 1 Fedora Blocker Bugs Application 2016-04-22 10:11:07 UTC 
Proposed as a Freeze Exception for 24-beta by Fedora user genodeftest using the blocker tracking app because:

 As many fedora 24 users are developers or testers, CVE-2016-2324 and CVE-2016-2315 have high impact on their workflow. Please fix these bugs ASAP.
Comment 2 Fedora Blocker Bugs Application 2016-04-22 10:19:35 UTC 
Proposed as a Freeze Exception for 24-final by Fedora user genodeftest using the blocker tracking app because:

 As many fedora 24 users are developers or testers, CVE-2016-2324 and CVE-2016-2315 have high impact on their workflow. Please fix these bugs ASAP.
Comment 3 Petr Stodulka 2016-04-22 10:30:00 UTC 
Thanks for notice. It was added to git repository earlier but I haven't checked that has been created new build.
Comment 4 Fedora Update System 2016-04-22 11:19:02 UTC 
git-2.7.4-1.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-8f164810c3
Comment 5 Adam Williamson 2016-04-22 18:03:57 UTC 
+1 FE, critical security issue sure sounds like an FE recipe to me. and I can see people running git from a live image.
Comment 6 Dennis Gilmore 2016-04-22 18:10:49 UTC 
+1 FE what ^^ he said
Comment 7 Kevin Fenzi 2016-04-22 18:26:03 UTC 
+1 FE
Comment 8 Tim Flink 2016-04-22 18:30:02 UTC 
+1 FE. That makes +4, moving to accepted
Comment 9 Fedora Update System 2016-04-23 21:23:15 UTC 
git-2.7.4-1.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-8f164810c3
Comment 10 Fedora Update System 2016-04-26 16:32:23 UTC 
git-2.7.4-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.