stable

git-2.40.1-1.fc36

FEDORA-2023-003e7d2867 created by tmz 8 months ago for Fedora 36

update to 2.40.1 (CVE-2023-25652, CVE-2023-25815, CVE-2023-29007)

Refer to the release notes for 2.30.9 for details of each CVE as well as the following security advisories from the git project:

https://github.com/git/git/security/advisories/GHSA-2hvf-7c8p-28fx (CVE-2023-25652)
https://github.com/git/git/security/advisories/GHSA-v48j-4xgg-4844 (CVE-2023-29007)

(At this time there is no upstream advisory for CVE-2023-25815. This issue does not affect the Fedora packages as we do not use the runtime prefix support.)

Release notes:
https://github.com/git/git/raw/v2.30.9/Documentation/RelNotes/2.30.9.txt
https://github.com/git/git/raw/v2.40.1/Documentation/RelNotes/2.40.1.txt

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2023-003e7d2867

This update has been submitted for testing by tmz.

8 months ago

This update's test gating status has been changed to 'waiting'.

8 months ago

This update's test gating status has been changed to 'passed'.

8 months ago

This update has been pushed to testing.

8 months ago

This update has been submitted for stable by bodhi.

7 months ago

This update has been pushed to stable.

7 months ago


Metadata
Type: security
Severity: high
Karma: 1
Signed
Content Type: RPM
Test Gating

Settings
Unstable by Karma: -3
Stable by Karma: 3
Stable by Time: 14 days

Dates
submitted: 8 months ago
in testing: 8 months ago
in stable: 7 months ago
approved: 7 months ago

BZ#2188333 CVE-2023-25652 git: by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents
BZ#2188338 CVE-2023-29007 git: arbitrary configuration injection when renaming or deleting a section from a configuration file
BZ#2189767 CVE-2023-25652 git: by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents [fedora-38]
BZ#2189769 CVE-2023-29007 git: arbitrary configuration injection when renaming or deleting a section from a configuration file [fedora-all]