On Tue, Mar 15, 2016 at 10:13 PM, Ximin Luo <infini...@debian.org> wrote: > http://seclists.org/oss-sec/2016/q1/645 > > Please upload 2.7.1 ASAP. Just for the record, it should be 2.7.3 due to an integer overflow fix[1] (no CVE). On the other hand, CVE-2016-2315 is already fixed in Stretch and Sid[2] with the 2.7.0 version.
Laszlo/GCS [1] https://github.com/git/git/commit/13e0b0d3dc76353632dcb0bc63cdf03426154317 [2] https://security-tracker.debian.org/tracker/CVE-2016-2315
