Update to 2.37.1 (CVE-2022-29187)
From the release notes for 2.30.5:
This release contains minor fix-ups for the changes that went into
Git 2.30.3 and 2.30.4, addressing CVE-2022-29187.
* The safety check that verifies a safe ownership of the Git
worktree is now extended to also cover the ownership of the Git
directory (and the `.git` file, if there is any).
Carlo Marcelo Arenas Belón (1):
setup: tighten ownership checks post CVE-2022-24765
Further details are available in the upstream advisory.
Additionally, from the release notes for 2.37.1:
* Rewrite of "git add -i" in C that appeared in Git 2.25 didn't
correctly record a removed file to the index, which is an old
regression but has become widely known because the C version has
become the default in the latest release.
Last, but not least, are the usual bugfixes and improvements found since the 2.36 release. For details, refer to the release notes for 2.37.0.
Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:
sudo dnf upgrade --refresh --advisory=FEDORA-2022-dfd7e7fc0e
Please login to add feedback.
This update has been submitted for testing by tmz.
This update's test gating status has been changed to 'waiting'.
This update has been pushed to testing.
This update's test gating status has been changed to 'passed'.
Works.
Works without issues
This update can be pushed to stable now if the maintainer wishes
works
works
Working
Works with no problems discovered
tmz edited this update.
no issues in regular usage
Looks good to me. All my git-fu is still working as expected.
This update has been submitted for stable by tmz.
no issues
This update has been pushed to stable.