[asterisk-bugs] [JIRA] (ASTERISK-30029) build: Git security vulnerability fix is sad with our accessing git as root during "make install"
Joshua C. Colp (JIRA)
noreply at issues.asterisk.org
Tue Apr 26 09:53:40 CDT 2022
[ https://issues.asterisk.org/jira/browse/ASTERISK-30029?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Joshua C. Colp updated ASTERISK-30029:
--------------------------------------
Status: Open (was: Triage)
> build: Git security vulnerability fix is sad with our accessing git as root during "make install"
> -------------------------------------------------------------------------------------------------
>
> Key: ASTERISK-30029
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-30029
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Core/BuildSystem
> Affects Versions: 16.25.1, 18.11.1, 19.3.1
> Reporter: Joshua C. Colp
> Severity: Major
>
> When installing Asterisk we seemingly use git in some way. If this is run as root but the git repo is your user, then recent versions of git complain due to a fix for a security vulnerability[1].
> [1] https://github.blog/2022-04-12-git-security-vulnerability-announced/
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list