hi centos community, as many of you probably have been following along, a few days ago CVE 2017-1000117 <https://bugzilla.redhat.com/show_bug.cgi?id=1480386> was identified and redhat was prompt to release patches to fedora 25/26. I haven't seen any chatter thus far from CentOS, so was wondering if anyone knew the status of the patches landing in CentOS, and more specifically, for CentOS 6 and git 1.7.x that's currently latest in the repos. thanks! Herbert -- Herbert Chang clypd | engineer 781.540.1653 herbert at clypd.com <http://www.clypd.com/> Connect with us: Twitter <https://twitter.com/clypd> | LinkedIn <https://www.linkedin.com/company/clypd-inc-> | Facebook <https://www.facebook.com/clypd>
Am 16.08.2017 um 16:29 schrieb Herbert Chang:> hi centos community, > > as many of you probably have been following along, a few days ago CVE > 2017-1000117 <https://bugzilla.redhat.com/show_bug.cgi?id=1480386> was > identified and redhat was prompt to release patches to fedora 25/26. I > haven't seen any chatter thus far from CentOS, so was wondering if anyone > knew the status of the patches landing in CentOS, and more specifically, > for CentOS 6 and git 1.7.x that's currently latest in the repos. > > thanks! > HerbertRed Hat has a CVE database. For the issue see https://access.redhat.com/security/cve/cve-2017-1000117 Red Hat just today has released a new git package for RHEL 6 + 7, RHSA-2017:2485 and RHSA-2017:2484. The CentOS update packages will for sure pop up on the mirrors in near future. Alexander
> Date: Thursday, August 17, 2017 00:13:58 +0200 > From: Alexander Dalloz <ad+lists at uni-x.org> > > Am 16.08.2017 um 16:29 schrieb Herbert Chang: >> hi centos community, >> >> as many of you probably have been following along, a few days ago >> CVE 2017-1000117 >> <https://bugzilla.redhat.com/show_bug.cgi?id=1480386> was >> identified and redhat was prompt to release patches to fedora >> 25/26. I haven't seen any chatter thus far from CentOS, so was >> wondering if anyone knew the status of the patches landing in >> CentOS, and more specifically, for CentOS 6 and git 1.7.x that's >> currently latest in the repos. >> >> thanks! >> Herbert > > Red Hat has a CVE database. For the issue see > > https://access.redhat.com/security/cve/cve-2017-1000117 > > Red Hat just today has released a new git package for RHEL 6 + 7, > RHSA-2017:2485 and RHSA-2017:2484. The CentOS update packages will > for sure pop up on the mirrors in near future. > > Alexander >I've seen the announcement and update(s) for centos-6 (CESA-2017:2485), but I don't find anything for centos-7 yet. It looks like RH announced them both at about the same time wednesday and the update for centos-6 came out thursday. Is there some reason that the update(s) for -7 haven't been pushed out?