Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Why the hate for OS X? Fedora 22 and Fedora 23 have only git 2.4.11 and 2.5.5 in their repositories.


According to https://bodhi.fedoraproject.org/updates/FEDORA-2016-6554eff6...

"Notes about this update: Security fix for CVE-2016-2315, CVE-2016-2324 (by updating to 2.5.5)."

So looks like they have backported the security fixes


Because Apple have purposefully made it more difficult than it should be for developers to find and disable the vulnerable versions.....and thus far, not released a patch.


presumably because you can easily update git on Fedora


When I do `dnf update git` I get at most 2.4.11/2.5.5, the only way I can get the latest is to compile from source.

EDIT: OK. So the fixes were backported


From what it sounded like in the article though you can't even easily replace the OSX binary for git, even if you compile it yourself.


Debian stable is still on 2.1.

https://packages.debian.org/jessie/git

      ~ git --version
    git version 2.1.4


Security fixes are backported.

http://metadata.ftp-master.debian.org/changelogs/main/g/git/...

https://security-tracker.debian.org/tracker/source-package/g...


Security fixes were cherry picked... http://metadata.ftp-master.debian.org/changelogs//main/g/git...


Ah ok. Well I just updated to 2.8 on testing. I have only recently begun to read the Debian security mailing list.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: