[asterisk-bugs] [JIRA] (ASTERISK-30029) build: Git security vulnerability fix is sad with our accessing git as root during "make install"

Asterisk Team (JIRA) noreply at issues.asterisk.org
Thu Jul 28 11:17:11 CDT 2022


     [ https://issues.asterisk.org/jira/browse/ASTERISK-30029?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Asterisk Team updated ASTERISK-30029:
-------------------------------------

    Target Release Version/s: 19.6.0

> build: Git security vulnerability fix is sad with our accessing git as root during "make install"
> -------------------------------------------------------------------------------------------------
>
>                 Key: ASTERISK-30029
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-30029
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Core/BuildSystem
>    Affects Versions: 16.25.1, 18.11.1, 19.3.1
>            Reporter: Joshua C. Colp
>            Severity: Major
>      Target Release: 19.6.0, 16.28.0, 18.14.0
>
>
> When installing Asterisk we seemingly use git in some way. If this is run as root but the git repo is your user, then recent versions of git complain due to a fix for a security vulnerability[1].
> [1] https://github.blog/2022-04-12-git-security-vulnerability-announced/



--
This message was sent by Atlassian JIRA
(v6.2#6252)



More information about the asterisk-bugs mailing list