From: Johannes Schindelin <Johannes.Schindelin@gmx.de>
To: "Person, Tim" <Tim.Person@personent.com>
Cc: "git@vger.kernel.org" <git@vger.kernel.org>
Subject: Re: Security Vulnerability in Git 2.54.0/OpenSSL 3.5.6 Status
Date: Mon, 29 Jun 2026 15:57:12 +0200 (CEST) [thread overview]
Message-ID: <fe8a3a3f-d762-d2c2-9454-a57ac9a75331@gmx.de> (raw)
In-Reply-To: <SN4P221MB0713994458A94BFCB51F7AC494EA2@SN4P221MB0713.NAMP221.PROD.OUTLOOK.COM>
Hi Tim,
On Sat, 27 Jun 2026, Person, Tim wrote:
> I am writing to determine when Git plans to release an update installer
> to patch the security vulnerability in Git 2.54.0 because of the
> included OpenSSL executable. This vulnerability is rated "Critical" in
> the CVE (https://www.cve.org/CVERecord?id=CVE-2026-34182). An updated
> version of the OpenSSL.exe fixing this problem has been available since
> 06/12/2026. I am just wondering if/when you plan to address this major
> security issue.
OpenSSL.exe is not part of the critical path of Git for Windows. It is
merely included as a curiosity for historical reasons. The critical CVE
you mentioned does not affect anything in Git itself. Therefore, I did not
even consider making an out-of-band release of Git for Windows merely for
that OpenSSL v3.5.7 update.
The next Git for Windows release (v2.55.0, likely due later today, may
slip to tomorrow) will include OpenSSL v3.5.7.
Ciao,
Johannes
prev parent reply other threads:[~2026-06-29 13:57 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-27 19:18 Security Vulnerability in Git 2.54.0/OpenSSL 3.5.6 Status Person, Tim
2026-06-27 21:07 ` Todd Zullinger
2026-06-27 21:17 ` Person, Tim
2026-06-29 13:57 ` Johannes Schindelin [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=fe8a3a3f-d762-d2c2-9454-a57ac9a75331@gmx.de \
--to=johannes.schindelin@gmx.de \
--cc=Tim.Person@personent.com \
--cc=git@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox