ketan
commented
5 years ago Can we pull via SCL, please. This statement makes me weary: https://ius.io/SafeRepo/#safe-replacement-package
Closed arvindsv closed 5 years ago
ketan
commented
5 years ago Can we pull via SCL, please. This statement makes me weary: https://ius.io/SafeRepo/#safe-replacement-package
varshavaradarajan
commented
5 years ago @arvindsv - One more for you. ubuntu 14.04 - git version 1.9.1 (vulnerable)
ketan
commented
5 years ago Most os distros will backport patches for fixing vulnerabilities. So this PR is strictly not needed, if you ask me. If we want to upgrade git because we need some specific features, we may.
https://access.redhat.com/security/cve/cve-2018-11235
https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11235.html
On Tue, Oct 23, 2018, 5:01 AM Varsha Varadarajan notifications@github.com wrote:
@arvindsv https://github.com/arvindsv - One more for you. ubuntu 14.04
- git version 1.9.1 (vulnerable)
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/gocd/docker-gocd-agent/pull/82#issuecomment-432027737, or mute the thread https://github.com/notifications/unsubscribe-auth/AAApZnqJOl15tHvun4HuLqRePo1HPvQ6ks5unlU3gaJpZM4XxlHx .
arvindsv
commented
5 years ago Fine. Closing this then. I checked on 18.10 Centos 7 and it's not vulnerable.
IUS repos are mentioned on the official Git download page. Without using it, or SCL, it's a pain to install a newer version of git.
See: https://github.com/gocd/docker-gocd-agent/issues/62
Also, Ubuntu 18.04 based agent image has git 2.17.1.
/cc @varshavaradarajan (was the one who made me do this ...)
Fixes #62.