Accepting request 1082819 from home:AndreasStieger:branches:devel:tools:scm

git 2.40.1

OBS-URL: https://build.opensuse.org/request/show/1082819
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/git?expand=0&rev=616

git-2.40.0.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:b17a598fbf58729ef13b577465eb93b2d484df1201518b708b5044ff623bf46d
-size 7183692

git-2.40.1.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4893b8b98eefc9fdc4b0e7ca249e340004faa7804a433d17429e311e1fef21d2
+size 7185260

git.changes

@@ -1,3 +1,22 @@
+-------------------------------------------------------------------
+Tue Apr 25 20:43:30 UTC 2023 - Andreas Stieger <Andreas.Stieger@gmx.de>
+
+- git 2.40.1:
+  * CVE-2023-25652: By feeding specially crafted input to git apply
+    --reject, a path outside the working tree can be overwritten
+    with partially controlled contents (corresponding to the
+    rejected hunk(s) from the given patch).
+  * CVE-2023-25815: When Git is compiled with runtime prefix
+    support and runs without translated messages, it still used
+    the gettext machinery to display messages, which subsequently
+    potentially looked for translated messages in unexpected
+    places. This allowed for malicious placement of crafted
+    messages.
+  * CVE-2023-29007: When renaming or deleting a section from a
+    configuration file, certain malicious configuration values may
+    be misinterpreted as the beginning of a new configuration
+    section, leading to arbitrary configuration injection.
+
 -------------------------------------------------------------------
 Thu Apr  6 10:51:06 UTC 2023 - Adam Majer <adam.majer@suse.de>
 

git.spec

@@ -36,7 +36,7 @@
 %bcond_with    asciidoctor
 %endif
 Name:           git
-Version:        2.40.0
+Version:        2.40.1
 Release:        0
 Summary:        Fast, scalable, distributed revision control system
 License:        GPL-2.0-only