From: "Matthiesen, Jan" <Jan.Matthiesen@bwi.de>
To: "git@vger.kernel.org" <git@vger.kernel.org>
Subject: Git for Win - CVE-2025-68121 - Impact Analysis and Fix
Date: Thu, 26 Feb 2026 18:08:29 +0000 [thread overview]
Message-ID: <d65bd23d95fb4ae19651e83f4578850a@bwi.de> (raw)
Hi Git dev team,
we've noted above critical CVE (CVSS 10.0) and wanted to inquire about any possible dependencies for the (2.53.0) x64 version of Git for Windows and any fix perspective.
Given Git is not a Google tool it should be quick to decide and respond to.
The CVE relates to packet crypto/tls in the standard library of Go (Golang).
Impacted software: Go-versions prior to 1.26.0-rc.1 plus distros based on it (e.g. Debian Bullseye/Bookworm, RHEL 10, Ubuntu).
How can we ensure the latest Git version is not or no longer impacted by this CV?
Kind regards
Jan.Matthiesen@bwi.de
reply other threads:[~2026-02-26 18:09 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=d65bd23d95fb4ae19651e83f4578850a@bwi.de \
--to=jan.matthiesen@bwi.de \
--cc=git@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox