From e41a64631a012584de816c802c0ae5ee9b930eb2 Mon Sep 17 00:00:00 2001
From: Joey Hess <joeyh@joeyh.name>
Date: Thu, 17 Mar 2016 23:08:39 -0400
Subject: tracking bug

---
 doc/bugs/git_security_fix.mdwn | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 doc/bugs/git_security_fix.mdwn

(limited to 'doc/bugs/git_security_fix.mdwn')

diff --git a/doc/bugs/git_security_fix.mdwn b/doc/bugs/git_security_fix.mdwn
new file mode 100644
index 000000000..3c25f4945
--- /dev/null
+++ b/doc/bugs/git_security_fix.mdwn
@@ -0,0 +1,18 @@
+git had some remotely exploitable security holes announced recently
+(CVE-2016-2324, CVE-2016-2315)
+
+git-annex builds that bundle git need to be updated.
+
+status of autobuilds:
+
+* Linux is fixed (all builds)
+* OSX pending
+* Windows waiting on updated release of git for Windows
+* Android is fixed (git build is untested)
+
+status of released builds:
+
+* Linux is vulnerable
+* OSX is vulnerable
+* Windows is vulnerable
+* Android is vulnerable
-- 
cgit v1.2.3