oss-sec mailing list archives
Git v2.37.1 and friends for CVE-2022-29187
From: Junio C Hamano <junio () pobox com>
Date: Wed, 13 Jul 2022 17:13:18 -0700
The Git project released new versions on July 12th, 2022, addressing CVE-2022-29187. We highly recommend upgrading to one of these fixed versions:

    v2.30.5 v2.31.4 v2.32.3 v2.33.4 v2.34.4 v2.35.4 v2.36.2 v2.37.1

If you are on the unreleased development track, the same fix is already included, so you do not have to do anything.

https://lore.kernel.org/git/xmqqv8s2fefi.fsf@gitster.g/

The fixes contained in these releases are minor updates for the changes that went into Git 2.30.3 and 2.30.4, addressing CVE-2022-29187.

 * The safety check that verifies safe ownership of the Git worktree is now extended to also cover the ownership of the Git directory (and the `.git` file, if there is any).

Credit for finding and fixing the problem goes to Carlo Marcelo Arenas Belón and Johannes Schindelin.

Thanks.
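For auditing installed clients against the list of fixed versions above, here is an added example (not part of the original message or of Git itself) that maps a `git --version` string to its maintenance track and reports the release to move to. The function names and the sample inventory are constructed for illustration, and treating tracks newer than 2.37 as fixed is an assumption based on the statement that the development track already contains the fix.

```python
import re

# Fixed releases from the announcement, keyed by (major, minor) maintenance track.
FIXED_PATCH = {
    (2, 30): 5, (2, 31): 4, (2, 32): 3, (2, 33): 4,
    (2, 34): 4, (2, 35): 4, (2, 36): 2, (2, 37): 1,
}

def parse_version(text):
    """Pull (major, minor, patch) out of `git --version` output or a bare version."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if m is None:
        raise ValueError(f"no version number in {text!r}")
    return int(m[1]), int(m[2]), int(m[3] or 0)

def assess(text):
    """Return (status, target): 'fixed', 'upgrade' (with target tag) or 'unlisted'."""
    major, minor, patch = parse_version(text)
    track = (major, minor)
    if track > max(FIXED_PATCH):
        # Assumption: tracks after 2.37 descend from the development track,
        # which the announcement says already contains the fix.
        return ("fixed", None)
    if track not in FIXED_PATCH:
        # The announcement lists no fixed release for this track.
        return ("unlisted", None)
    if patch >= FIXED_PATCH[track]:
        return ("fixed", None)
    return ("upgrade", f"v{major}.{minor}.{FIXED_PATCH[track]}")

if __name__ == "__main__":
    # Constructed sample inventory (hypothetical host names and version strings).
    inventory = {
        "build-01": "git version 2.37.0",
        "build-02": "git version 2.30.4",
        "dev-win": "git version 2.37.1.windows.1",
        "legacy": "git version 2.25.1",
    }
    for host, reported in inventory.items():
        status, target = assess(reported)
        print(f"{host:10} {reported:32} {status} {target or ''}")
```

Distribution packages may carry a backported fix under an older upstream version number, so an `upgrade` result for a vendor build is a prompt to check the vendor's advisory rather than proof of exposure.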