
List:       oss-security
Subject:    [oss-security] Git v2.37.1 and friends for CVE-2022-29187
From:       Junio C Hamano <junio () pobox ! com>
Date:       2022-07-14 0:13:18
Message-ID: xmqqh73k8sbl.fsf () gitster ! g

The Git project released new versions on July 12th, 2022, addressing
CVE-2022-29187.  We highly recommend upgrading to one of these fixed
versions:

  v2.30.5 v2.31.4 v2.32.3 v2.33.4 v2.34.4 v2.35.4 v2.36.2 v2.37.1

If you are on the unreleased development track, the same fix is
already included, so you do not have to do anything.

https://lore.kernel.org/git/xmqqv8s2fefi.fsf@gitster.g/


The fix contained in these releases is a minor update for the
changes that went into Git 2.30.3 and 2.30.4, addressing
CVE-2022-29187.

 * The safety check that verifies a safe ownership of the Git
   worktree is now extended to also cover the ownership of the Git
   directory (and the `.git` file, if there is any).

Credit for finding and fixing the problem goes to Carlo Marcelo
Arenas Belón and Johannes Schindelin.

Thanks.
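
The extended ownership check described in the release note above, sketched as an added audit example (not part of the original message and not Git's own code). The function names are hypothetical, and the sketch assumes a POSIX system and ignores `safe.directory` configuration.

```python
import os
import sys


def paths_to_check(worktree):
    """Return (label, path) pairs: the worktree, a `.git` file if any, and the Git directory."""
    worktree = os.path.abspath(worktree)
    dot_git = os.path.join(worktree, ".git")
    paths = [("worktree", worktree)]
    if os.path.isfile(dot_git):
        # A `.git` file holds "gitdir: <path>" pointing at the real Git directory.
        paths.append(("gitfile", dot_git))
        with open(dot_git, encoding="utf-8") as fh:
            line = fh.readline().strip()
        if line.startswith("gitdir:"):
            target = line[len("gitdir:"):].strip()
            # A relative target is resolved against the worktree; an absolute one is kept.
            paths.append(("gitdir", os.path.normpath(os.path.join(worktree, target))))
    elif os.path.isdir(dot_git):
        paths.append(("gitdir", dot_git))
    return paths


def ownership_mismatches(worktree, uid=None):
    """List (label, path, owner_uid) for every checked path not owned by `uid`.

    `uid` defaults to the effective uid of the caller. A path that cannot be
    inspected is reported with owner None so that it is never silently trusted.
    """
    uid = os.geteuid() if uid is None else uid
    bad = []
    for label, path in paths_to_check(worktree):
        try:
            owner = os.lstat(path).st_uid  # inspect the entry itself, not a symlink target
        except OSError:
            owner = None
        if owner != uid:
            bad.append((label, path, owner))
    return bad


if __name__ == "__main__":
    repo = sys.argv[1] if len(sys.argv) > 1 else "."
    for label, path, owner in ownership_mismatches(repo):
        print(f"{label}: {path} is owned by uid {owner}, not by the current user")
```

Checking only the worktree corresponds to the earlier check; the `gitfile` and `gitdir` entries are the additional paths this release note says are now covered.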
