Git for Win - CVE-2025-68121 - Impact Analysis and Fix

public inbox for git@vger.kernel.org
 help / color / mirror / Atom feed

* Git for Win - CVE-2025-68121 - Impact Analysis and Fix
@ 2026-02-26 18:08 Matthiesen, Jan
  0 siblings, 0 replies; only message in thread
From: Matthiesen, Jan @ 2026-02-26 18:08 UTC (permalink / raw)
  To: git@vger.kernel.org

Hi Git dev team,

we've noted above critical CVE (CVSS 10.0) and wanted to inquire about any possible dependencies for the (2.53.0) x64 version of Git for Windows and any fix perspective. 
Given Git is not a Google tool it should be quick to decide and respond to.

The CVE relates to packet crypto/tls in the standard library of Go (Golang).
Impacted software: Go-versions prior to 1.26.0-rc.1 plus distros based on it (e.g. Debian Bullseye/Bookworm, RHEL 10, Ubuntu).

How can we ensure the latest Git version is not or no longer impacted by this CV?

Kind regards
Jan.Matthiesen@bwi.de

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2026-02-26 18:09 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-02-26 18:08 Git for Win - CVE-2025-68121 - Impact Analysis and Fix Matthiesen, Jan

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox