Closed arvindsv closed 5 years ago
Can we pull via SCL, please? This statement makes me wary: https://ius.io/SafeRepo/#safe-replacement-package
@arvindsv - One more for you. Ubuntu 14.04 - git version 1.9.1 (vulnerable)
Most OS distros will backport patches for fixing vulnerabilities. So this PR is strictly not needed, if you ask me. If we want to upgrade git because we need some specific features, we may.
https://access.redhat.com/security/cve/cve-2018-11235
https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11235.html
On Tue, Oct 23, 2018, 5:01 AM Varsha Varadarajan notifications@github.com wrote:
> @arvindsv - One more for you. Ubuntu 14.04 - git version 1.9.1 (vulnerable)
Fine. Closing this then. I checked on 18.10 CentOS 7 and it's not vulnerable.
IUS repos are mentioned on the official Git download page. Without using it, or SCL, it's a pain to install a newer version of git.
See: https://github.com/gocd/docker-gocd-agent/issues/62
Also, Ubuntu 18.04 based agent image has git 2.17.1.
/cc @varshavaradarajan (was the one who made me do this ...)
Fixes #62.