stable

git-2.30.2-1.fc33

FEDORA-2021-63fcbd126e created by tmz a year ago for Fedora 33

Security fix for CVE-2021-21300

A specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS may cause a just-checked-out script to be executed while cloning onto a case-insensitive file system such as NTFS, HFS+ or APFS. Note that clean/smudge filters have to be configured in advance, in the system-wide or global user configuration, for this bug to be exploited.

This issue does not affect Fedora in default configurations.

For further details, please refer to the upstream advisory.

How to install

sudo dnf upgrade --refresh --advisory=FEDORA-2021-63fcbd126e
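
The advisory's preconditions that can be checked locally are the installed Git version and whether a clean/smudge filter is set in the system-wide or global configuration. The script below is an added example, not part of the Fedora update or the upstream advisory; its function names and verdict labels are made up for illustration, it compares against this update's 2.30.2, and it also counts filter.<driver>.process as a filter command because Git LFS registers one.

```shell
#!/bin/sh
# Added example: local check of the preconditions named in the advisory.
FIXED_VERSION="2.30.2"   # Git version shipped by this update (from the page)

# Succeeds when version $1 is at or above FIXED_VERSION (first three fields).
version_is_fixed() {
    printf '%s\n' "$1" | awk -F. -v f="$FIXED_VERSION" '{
        split(f, want, ".")
        for (i = 1; i <= 3; i++) {
            if ($i + 0 > want[i] + 0) exit 0
            if ($i + 0 < want[i] + 0) exit 1
        }
        exit 0
    }'
}

# Reads "key value" lines (the output of git config --get-regexp) on stdin and
# prints each filter driver that defines a clean, smudge or process command.
# Assumes driver names contain no spaces.
filter_drivers() {
    sed -n -E 's/^filter\.([^ ]*)\.(clean|smudge|process)( .*)?$/\1/p' | sort -u
}

# Prints a verdict for Git version $1 and config lines $2 (hypothetical labels).
assess() {
    drivers=$(printf '%s\n' "$2" | filter_drivers | paste -s -d ' ' -)
    if version_is_fixed "$1"; then
        echo "fixed: git $1 is at or above $FIXED_VERSION"
    elif [ -n "$drivers" ]; then
        echo "filters-configured: git $1 is below $FIXED_VERSION, drivers: $drivers"
    else
        echo "no-filters: git $1 is below $FIXED_VERSION, no system/global filter"
    fi
}

# Only the system-wide and global scopes matter for this bug, per the advisory.
if command -v git >/dev/null 2>&1; then
    ver=$(git version | awk '{print $3}')
    cfg=$( { git config --system --get-regexp '^filter\.'
             git config --global --get-regexp '^filter\.'; } 2>/dev/null || true )
    assess "$ver" "$cfg"
fi
```

A "filters-configured" verdict means the advisory's configuration precondition is met on an unpatched Git; the file-system precondition (case-insensitive checkout target) is not checked here.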

This update has been submitted for testing by tmz.

a year ago

This update's test gating status has been changed to 'ignored'.

a year ago

This update's test gating status has been changed to 'waiting'.

a year ago

This update's test gating status has been changed to 'ignored'.

a year ago
atim provided feedback a year ago

This update has been pushed to testing.

a year ago
bojan provided feedback a year ago

This update can be pushed to stable now if the maintainer wishes

a year ago
ersen provided feedback a year ago
limb commented & provided feedback a year ago

No regressions noted.

This update has been submitted for stable by limb.

a year ago
tmz commented & provided feedback a year ago

Thanks for testing everyone.

I was hoping to keep this in updates testing for a bit longer. The update is from 2.29 to 2.30 and while I don't anticipate any issues with that, there are a lot of use-cases I could miss.

The security issue being resolved does not affect the overwhelming majority of Fedora users and is not urgent enough to warrant pushing this to stable after less than a full day in the testing repo.

In the future, I'd appreciate a heads up before an update is pushed to stable. I disabled the autopush explicitly. Thanks.

This update has been pushed to stable.

a year ago

Metadata
Type: security
Severity: medium
Karma: 4
Signed
Content Type: RPM
Test Gating
Settings
Unstable by Karma: -3
Stable by Karma: disabled
Stable by Time: 14 days
Dates
submitted: a year ago
in testing: a year ago
in stable: a year ago
BZ#1935158 CVE-2021-21300 git: remote code execution during clone operation on case-insensitive filesystems
BZ#1937166 CVE-2021-21300 git: remote code execution during clone operation on case-insensitive filesystems [fedora-all]

Automated Test Results

ignored