Update to 2.34.3 (release notes)
This release addresses CVE-2022-24765. Per the release announcement:
On multi-user machines, Git users might find themselves unexpectedly in a Git worktree, e.g. when another user created a repository in C:\.git, in a mounted network drive or in a scratch space. Merely having a Git-aware prompt that runs git status (or git diff) and navigating to a directory which is supposedly not a Git worktree, or opening such a directory in an editor or IDE such as VS Code or Atom, will potentially run commands defined by that other user.
A broad "escape hatch" is available in cases where all the repositories you may enter are considered safe, regardless of their ownership. Quoting another release announcement:
* can be used as the value for the safe.directory variable to signal that the user considers that any directory is safe.
Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:
sudo dnf upgrade --refresh --advisory=FEDORA-2022-2fec5f30be
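An added example, not part of the advisory or of Git's code: a Python sketch that reports when a directory sits inside a repository owned by another user, and flags the safe.directory wildcard in the text of a config file. The function names, the ceiling parameter and the choice to compare the owner of the directory holding .git are assumptions of this sketch, a simplified model rather than Git's exact check.

```python
import os
from pathlib import Path


def find_enclosing_git(start, ceiling=None):
    """Return the first .git entry at or above start, or None.

    Simplified model of repository discovery; `ceiling` (hypothetical
    parameter) is the last directory examined on the way up.
    """
    here = Path(start).resolve()
    stop = Path(ceiling).resolve() if ceiling else None
    for directory in (here, *here.parents):
        candidate = directory / ".git"
        if candidate.exists():  # a directory, or a file in linked worktrees
            return candidate
        if directory == stop:
            break
    return None


def foreign_repo(start, uid=None, ceiling=None):
    """Return (git_entry, owner_uid) if the enclosing repo is not owned by uid."""
    uid = os.geteuid() if uid is None else uid  # POSIX only
    git_entry = find_enclosing_git(start, ceiling)
    if git_entry is None:
        return None
    # Assumption: compare the owner of the directory that holds .git.
    owner = git_entry.parent.stat().st_uid
    return (git_entry, owner) if owner != uid else None


def has_wildcard_safe_directory(config_text):
    """True if gitconfig text sets directory = * inside a [safe] section."""
    section = ""
    for raw in config_text.splitlines():
        line = raw.split("#")[0].split(";")[0].strip()  # naive comment strip
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "safe" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key.lower() == "directory" and value.strip('"') == "*":
                return True
    return False


if __name__ == "__main__":
    hit = foreign_repo(os.getcwd())
    print("foreign-owned repository:", hit if hit else "none found")
```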
This update has been submitted for testing by tmz.
This update's test gating status has been changed to 'waiting'.
This update's test gating status has been changed to 'passed'.
This update has been pushed to testing.
This update can be pushed to stable now if the maintainer wishes
This update has been submitted for stable by tmz.
This update has been pushed to stable.