forked from pool/git

Accepting request 1082939 from devel:tools:scm

- git 2.40.1:
  * CVE-2023-25652: By feeding specially crafted input to git apply
    --reject, a path outside the working tree can be overwritten
    with partially controlled contents (corresponding to the
    rejected hunk(s) from the given patch).
  * CVE-2023-25815: When Git is compiled with runtime prefix
    support and runs without translated messages, it still used
    the gettext machinery to display messages, which subsequently
    potentially looked for translated messages in unexpected
    places. This allowed for malicious placement of crafted
    messages.
  * CVE-2023-29007: When renaming or deleting a section from a
    configuration file, certain malicious configuration values may
    be misinterpreted as the beginning of a new configuration
    section, leading to arbitrary configuration injection.

OBS-URL: https://build.opensuse.org/request/show/1082939
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/git?expand=0&rev=298
Dominique Leuenberger 2023-04-27 17:59:12 +00:00 committed by Git OBS Bridge
commit 34a2968485
6 changed files with 23 additions and 4 deletions

Binary file not shown.


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:b17a598fbf58729ef13b577465eb93b2d484df1201518b708b5044ff623bf46d
size 7183692

git-2.40.1.tar.sign Normal file

Binary file not shown.

git-2.40.1.tar.xz Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:4893b8b98eefc9fdc4b0e7ca249e340004faa7804a433d17429e311e1fef21d2
size 7185260
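
Review bot: The `oid sha256:` line of this new pointer is the only reviewable integrity anchor for git-2.40.1.tar.xz, because the accompanying git-2.40.1.tar.sign appears only as "Binary file not shown". Before accepting, confirm that the stored object hashes to this oid and that the detached signature verifies against it; the signature file is named for the .tar rather than the .tar.xz, which suggests the check has to run on the decompressed archive. The size change from 7183692 to 7185260 bytes is plausible for a point release but says nothing about authenticity.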


@ -1,3 +1,22 @@
-------------------------------------------------------------------
Tue Apr 25 20:43:30 UTC 2023 - Andreas Stieger <Andreas.Stieger@gmx.de>
- git 2.40.1:
* CVE-2023-25652: By feeding specially crafted input to git apply
--reject, a path outside the working tree can be overwritten
with partially controlled contents (corresponding to the
rejected hunk(s) from the given patch).
* CVE-2023-25815: When Git is compiled with runtime prefix
support and runs without translated messages, it still used
the gettext machinery to display messages, which subsequently
potentially looked for translated messages in unexpected
places. This allowed for malicious placement of crafted
messages.
* CVE-2023-29007: When renaming or deleting a section from a
configuration file, certain malicious configuration values may
be misinterpreted as the beginning of a new configuration
section, leading to arbitrary configuration injection.
-------------------------------------------------------------------
Thu Apr 6 10:51:06 UTC 2023 - Adam Majer <adam.majer@suse.de>
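
Review bot: The three CVE bullets in the new 2.40.1 entry carry no bug-tracker references, so the changelog cannot be cross-linked to the distribution's tracking entries for CVE-2023-25652, CVE-2023-25815 and CVE-2023-29007; suggest appending the matching tracker id to each bullet. The CVE-2023-25815 bullet is also conditional ("When Git is compiled with runtime prefix support"), and the entry does not say whether this package is built that way, so a short remark on whether the package was actually exposed would help users triaging the update.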


@ -36,7 +36,7 @@
%bcond_with asciidoctor
%endif
Name: git
Version: 2.40.0
Version: 2.40.1
Release: 0
Summary: Fast, scalable, distributed revision control system
License: GPL-2.0-only