FEDORA-2023-2b3acb6cfd — security update for git

stable

git-2.39.2-1.fc36

FEDORA-2023-2b3acb6cfd created by tmz 2 years ago for Fedora 36

Update to 2.39.2 (CVE-2023-22490, CVE-2023-23946)

Refer to the upstream release notes and the security advisories (CVE-2023-22490, CVE-2023-23946) for details.

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2023-2b3acb6cfd

This update has been submitted for testing by tmz.

2 years ago

This update's test gating status has been changed to 'waiting'.

2 years ago

This update's test gating status has been changed to 'passed'.

2 years ago

This update has been pushed to testing.

2 years ago

boycottsystemd1 provided feedback 2 years ago

karma

tmz edited this update.

2 years ago

t3rm1n4l commented & provided feedback 2 years ago

karma

wfm

This update can be pushed to stable now if the maintainer wishes

2 years ago

This update has been submitted for stable by tmz.

2 years ago

This update has been pushed to stable.

2 years ago

Please login to add feedback.

Metadata

Type

security

Severity

high

Karma

Signed

Content Type

RPM

Test Gating

passed

Autopush Settings

Unstable by Karma

-2

Stable by Karma

Stable by Time

14 days

Dates

submitted

2 years ago

in testing

2 years ago

in stable

2 years ago

modified

2 years ago

Builds

git-2.39.2-1.fc36

BZ#2168160 CVE-2023-22490 git: data exfiltration with maliciously crafted repository

BZ#2168161 CVE-2023-23946 git: git apply: a path outside the working tree can be overwritten with crafted input

BZ#2170907 CVE-2023-22490 git: data exfiltration with maliciously crafted repository [fedora-all]

BZ#2170912 CVE-2023-23946 git: git apply: a path outside the working tree can be overwritten with crafted input [fedora-all]

git-2.39.2-1.fc36

Automated Test Results

passed