Accepting request 1082939 from devel:tools:scm
- git 2.40.1:
* CVE-2023-25652: By feeding specially crafted input to git apply
--reject, a path outside the working tree can be overwritten
with partially controlled contents (corresponding to the
rejected hunk(s) from the given patch).
* CVE-2023-25815: When Git is compiled with runtime prefix
support and runs without translated messages, it still used
the gettext machinery to display messages, which subsequently
potentially looked for translated messages in unexpected
places. This allowed for malicious placement of crafted
messages.
* CVE-2023-29007: When renaming or deleting a section from a
configuration file, certain malicious configuration values may
be misinterpreted as the beginning of a new configuration
section, leading to arbitrary configuration injection.
OBS-URL: https://build.opensuse.org/request/show/1082939
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/git?expand=0&rev=298
This commit is contained in:
Dominique Leuenberger
Git OBS Bridge
commit
34a2968485
Binary file not shown.
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:b17a598fbf58729ef13b577465eb93b2d484df1201518b708b5044ff623bf46d
|
|
||||||
size 7183692
|
|
||||||
BIN
git-2.40.1.tar.sign
Normal file
BIN
git-2.40.1.tar.sign
Normal file
Binary file not shown.
3
git-2.40.1.tar.xz
Normal file
3
git-2.40.1.tar.xz
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:4893b8b98eefc9fdc4b0e7ca249e340004faa7804a433d17429e311e1fef21d2
|
||||||
|
size 7185260
|
||||||
19
git.changes
19
git.changes
@ -1,3 +1,22 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Apr 25 20:43:30 UTC 2023 - Andreas Stieger <Andreas.Stieger@gmx.de>
|
||||||
|
|
||||||
|
- git 2.40.1:
|
||||||
|
* CVE-2023-25652: By feeding specially crafted input to git apply
|
||||||
|
--reject, a path outside the working tree can be overwritten
|
||||||
|
with partially controlled contents (corresponding to the
|
||||||
|
rejected hunk(s) from the given patch).
|
||||||
|
* CVE-2023-25815: When Git is compiled with runtime prefix
|
||||||
|
support and runs without translated messages, it still used
|
||||||
|
the gettext machinery to display messages, which subsequently
|
||||||
|
potentially looked for translated messages in unexpected
|
||||||
|
places. This allowed for malicious placement of crafted
|
||||||
|
messages.
|
||||||
|
* CVE-2023-29007: When renaming or deleting a section from a
|
||||||
|
configuration file, certain malicious configuration values may
|
||||||
|
be misinterpreted as the beginning of a new configuration
|
||||||
|
section, leading to arbitrary configuration injection.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Apr 6 10:51:06 UTC 2023 - Adam Majer <adam.majer@suse.de>
|
Thu Apr 6 10:51:06 UTC 2023 - Adam Majer <adam.majer@suse.de>
|
||||||
|
|
||||||
|
|||||||
2
git.spec
2
git.spec
@ -36,7 +36,7 @@
|
|||||||
%bcond_with asciidoctor
|
%bcond_with asciidoctor
|
||||||
%endif
|
%endif
|
||||||
Name: git
|
Name: git
|
||||||
Version: 2.40.0
|
Version: 2.40.1
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: Fast, scalable, distributed revision control system
|
Summary: Fast, scalable, distributed revision control system
|
||||||
License: GPL-2.0-only
|
License: GPL-2.0-only
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user