On 2023-09-25 at 15:37:46, Robert Smith wrote: > Hello, Hey, > Regarding this CVE: > > https://curl.se/docs/CVE-2023-38039.html > > Is there any plan to update Git for Windows to include the updated 8.3.0 Curl binaries? The Git project doesn't ship any binaries at all, and we don't ship curl. Git for Windows does ship a substantial amount of other software, including curl. You can find their issue tracker at https://github.com/git-for-windows/git/issues, but I believe this has already been fixed in https://github.com/git-for-windows/git/issues/4605 and will be included in the next version. I'm not certain about their release policy, but I seem to recall that they don't issue updates for dependent packages until a new release would normally be done. To be certain, you'd have to inquire with them. -- brian m. carlson (he/him or they/them) Toronto, Ontario, CA
Attachment:
signature.asc
Description: PGP signature