update to 2.40.1 (CVE-2023-25652, CVE-2023-25815, CVE-2023-29007)
Refer to the release notes for 2.30.9 for details of each CVE as well as the following security advisories from the git project:
https://github.com/git/git/security/advisories/GHSA-2hvf-7c8p-28fx (CVE-2023-25652) https://github.com/git/git/security/advisories/GHSA-v48j-4xgg-4844 (CVE-2023-29007)
(At this time there is no upstream advisory for CVE-2023-25815. This issue does not affect the Fedora packages as we do not use the runtime prefix support.)
Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:
sudo dnf upgrade --refresh --advisory=FEDORA-2023-003e7d2867
Please login to add feedback.