stable

git-2.37.1-1.fc36

FEDORA-2022-dfd7e7fc0e created by tmz a year ago for Fedora 36

Update to 2.37.1 (CVE-2022-29187)

From the release notes for 2.30.5:

This release contains minor fix-ups for the changes that went into
Git 2.30.3 and 2.30.4, addressing CVE-2022-29187.

 * The safety check that verifies a safe ownership of the Git 
   worktree is now extended to also cover the ownership of the Git 
   directory (and the `.git` file, if there is any).

Carlo Marcelo Arenas Belón (1):
      setup: tighten ownership checks post CVE-2022-24765

Further details are available in the upstream advisory.

Additionally, from the release notes for 2.37.1:

 * Rewrite of "git add -i" in C that appeared in Git 2.25 didn't
   correctly record a removed file to the index, which is an old 
   regression but has become widely known because the C version has 
   become the default in the latest release.

Last, but not least, are the usual bugfixes and improvements found since the 2.36 release. For details, refer to the release notes for 2.37.0.

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2022-dfd7e7fc0e

This update has been submitted for testing by tmz.

a year ago

This update's test gating status has been changed to 'waiting'.

a year ago

This update has been pushed to testing.

a year ago

This update's test gating status has been changed to 'passed'.

a year ago
User Icon bojan commented & provided feedback a year ago
karma

Works.

User Icon frantisekz commented & provided feedback a year ago
karma

Works without issues

This update can be pushed to stable now if the maintainer wishes

a year ago
User Icon andilinux commented & provided feedback a year ago
karma

works

User Icon andilinux commented & provided feedback a year ago
karma

works

User Icon vtrefny provided feedback a year ago
karma
User Icon mhayden commented & provided feedback a year ago
karma

Working

karma
User Icon nedal provided feedback a year ago
karma
User Icon lruzicka commented & provided feedback a year ago
karma

Works with no problems discovered

User Icon imabug provided feedback a year ago
karma

tmz edited this update.

a year ago
User Icon kparal commented & provided feedback a year ago
karma

no issues in regular usage

User Icon decathorpe commented & provided feedback a year ago
karma

Looks good to me. All my git-fu is still working as expected.

This update has been submitted for stable by tmz.

a year ago

no issues

This update has been pushed to stable.

a year ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
11
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
disabled
Stable by Time
14 days
Dates
submitted
a year ago
in testing
a year ago
in stable
a year ago
modified
a year ago
BZ#2107439 CVE-2022-29187 git: Bypass of safe.directory protections
0
0
BZ#2107450 CVE-2022-29187 git: Bypass of safe.directory protections [fedora-all]
0
0

Automated Test Results