List: oss-security
Subject: [oss-security] Git v2.37.1 and friends for CVE-2022-29187
From: Junio C Hamano <junio () pobox ! com>
Date: 2022-07-14 0:13:18
Message-ID: xmqqh73k8sbl.fsf () gitster ! g
The Git project released new versions on July 12th, 2022, addressing
CVE-2022-29187. We highly recommend upgrading to one of these fixed
versions:
v2.30.5 v2.31.4 v2.32.3 v2.33.4 v2.34.4 v2.35.4 v2.36.2 v2.37.1
If you are on the unreleased development track, the same fix is
already included, so you do not have to do anything.
https://lore.kernel.org/git/xmqqv8s2fefi.fsf@gitster.g/
The fix contained in these releases is a minor update for the
changes that went into Git 2.30.3 and 2.30.4, addressing
CVE-2022-29187.
* The safety check that verifies safe ownership of the Git
  worktree is now extended to also cover the ownership of the Git
  directory (and the `.git` file, if there is any).
Credit for finding and fixing the problem goes to Carlo Marcelo
Arenas Belón and Johannes Schindelin.
Thanks.
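
The ownership rule described in the release note above, as an added example that is not part of the original message and is not Git's own implementation: a Python audit that reports which of the worktree, the `.git` file and the Git directory are not owned by a given user. The function names and the `expected_uid` parameter are assumptions made for illustration; it runs on POSIX systems only and does not model `safe.directory` exceptions.

```python
import os
import tempfile
from pathlib import Path


def resolve_gitdir(dot_git: Path) -> Path:
    """Return the Git directory that a `.git` entry refers to.

    A `.git` directory is the Git directory itself; a `.git` file
    holds one "gitdir: <path>" line that points at it.
    """
    if dot_git.is_dir():
        return dot_git
    text = dot_git.read_text().strip()
    if not text.startswith("gitdir:"):
        raise ValueError(f"{dot_git} is not a gitfile")
    target = Path(text[len("gitdir:"):].strip())
    # A relative gitdir path is resolved against the gitfile's directory.
    return target if target.is_absolute() else (dot_git.parent / target).resolve()


def audit_ownership(worktree, expected_uid=None):
    """List (role, path, owner_uid) for every checked path not owned by expected_uid."""
    uid = os.getuid() if expected_uid is None else expected_uid
    worktree = Path(worktree)
    dot_git = worktree / ".git"
    checks = [("worktree", worktree)]
    if dot_git.is_file():
        checks.append(("gitfile", dot_git))  # the `.git` file, if there is any
    checks.append(("gitdir", resolve_gitdir(dot_git)))
    return [(role, str(path), path.stat().st_uid)
            for role, path in checks if path.stat().st_uid != uid]


def demo():
    """Constructed layout: a worktree whose `.git` file points at a separate gitdir."""
    with tempfile.TemporaryDirectory() as tmp:
        gitdir = Path(tmp, "repo.git")
        gitdir.mkdir()
        worktree = Path(tmp, "wt")
        worktree.mkdir()
        (worktree / ".git").write_text(f"gitdir: {gitdir}\n")
        own = audit_ownership(worktree)
        # Hypothetical other user: every checked path is then foreign-owned.
        other = audit_ownership(worktree, expected_uid=os.getuid() + 1)
        return own, [role for role, _, _ in other]


if __name__ == "__main__":
    print(demo())
```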