| Bug ID | 1201431 |
|---|---|
| Summary | VUL-0: CVE-2022-29187: git: incomplete fix for CVE-2022-24765 |
| Classification | openSUSE |
| Product | openSUSE Distribution |
| Version | Leap 15.4 |
| Hardware | Other |
| OS | Other |
| Status | NEW |
| Severity | Normal |
| Priority | P5 - None |
| Component | Security |
| Assignee | danilo.spinella@suse.com |
| Reporter | Andreas.Stieger@gmx.de |
| QA Contact | qa-bugs@suse.de |
| Found By | --- |
| Blocker | --- |
From https://lists.q42.co.uk/pipermail/git-announce/2022-July/001250.html Fixed in Git v2.37.1, v2.30.5, v2.31.4, v2.32.3, v2.33.4, v2.34.4, v2.35.4, and v2.36.2 CVE-2022-29187, where the fixes in v2.36.1 and below to address CVE-2022-24765 released earlier may not have been complete. * The safety check that verifies a safe ownership of the Git worktree is now extended to also cover the ownership of the Git directory (and the `.git` file, if there is any). https://github.com/git/git/commit/3b0bf2704980b1ed6018622bdf5377ec22289688