stable

git-2.40.1-1.fc37

FEDORA-2023-d84a75ea52 created by tmz a year ago for Fedora 37

update to 2.40.1 (CVE-2023-25652, CVE-2023-25815, CVE-2023-29007)

Refer to the release notes for 2.30.9 for details of each CVE as well as the following security advisories from the git project:

https://github.com/git/git/security/advisories/GHSA-2hvf-7c8p-28fx (CVE-2023-25652)
https://github.com/git/git/security/advisories/GHSA-v48j-4xgg-4844 (CVE-2023-29007)

(At this time there is no upstream advisory for CVE-2023-25815. This issue does not affect the Fedora packages as we do not use the runtime prefix support.)

Release notes:
https://github.com/git/git/raw/v2.30.9/Documentation/RelNotes/2.30.9.txt
https://github.com/git/git/raw/v2.40.1/Documentation/RelNotes/2.40.1.txt

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2023-d84a75ea52

This update has been submitted for testing by tmz.

a year ago

This update's test gating status has been changed to 'waiting'.

a year ago

This update's test gating status has been changed to 'passed'.

a year ago

This update has been pushed to testing.

a year ago
huembert provided feedback a year ago

filiperosset commented & provided feedback a year ago

no regressions noted

This update can be pushed to stable now if the maintainer wishes

a year ago

This update has been submitted for stable by bodhi.

a year ago

This update has been pushed to stable.

a year ago


Metadata
Type: security
Severity: high
Karma: 3
Signed
Content Type: RPM
Test Gating

Settings
Unstable by Karma: -3
Stable by Karma: 3
Stable by Time: 14 days

Dates
submitted: a year ago
in testing: a year ago
in stable: a year ago
approved: a year ago

BZ#2188333 CVE-2023-25652 git: by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents
BZ#2188338 CVE-2023-29007 git: arbitrary configuration injection when renaming or deleting a section from a configuration file
BZ#2189767 CVE-2023-25652 git: by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents [fedora-38]
BZ#2189769 CVE-2023-29007 git: arbitrary configuration injection when renaming or deleting a section from a configuration file [fedora-all]
