Bug ID | 1201431 |
---|---|
Summary | VUL-0: CVE-2022-29187: git: incomplete fix for CVE-2022-24765 |
Classification | openSUSE |
Product | openSUSE Distribution |
Version | Leap 15.4 |
Hardware | Other |
OS | Other |
Status | NEW |
Severity | Normal |
Priority | P5 - None |
Component | Security |
Assignee | danilo.spinella@suse.com |
Reporter | Andreas.Stieger@gmx.de |
QA Contact | qa-bugs@suse.de |
Found By | --- |
Blocker | --- |

From https://lists.q42.co.uk/pipermail/git-announce/2022-July/001250.html

Fixed in Git v2.37.1, v2.30.5, v2.31.4, v2.32.3, v2.33.4, v2.34.4, v2.35.4, and v2.36.2

CVE-2022-29187, where the fixes in v2.36.1 and below to address CVE-2022-24765 released earlier may not have been complete.

* The safety check that verifies a safe ownership of the Git worktree is now extended to also cover the ownership of the Git directory (and the `.git` file, if there is any).

https://github.com/git/git/commit/3b0bf2704980b1ed6018622bdf5377ec22289688
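
The extended ownership check described in the announcement above, sketched as an added Python example (not Git's code and not part of the original report): it compares the owner of the worktree, the Git directory and any `.git` file with the effective uid. The helper names, the injectable `owner_of` hook and the constructed sample layout are assumptions made here, and `safe.directory` overrides are not modelled.

```python
import os
import tempfile
from pathlib import Path

def lstat_uid(path):
    """Owner uid of the path itself (symlinks are not followed)."""
    return os.lstat(path).st_uid

def resolve_gitfile(dot_git):
    """Return the Git directory named by a `.git` file ("gitdir: <path>")."""
    text = dot_git.read_text().strip()
    if not text.startswith("gitdir:"):
        raise ValueError(f"{dot_git} is not a gitfile")
    target = Path(text[len("gitdir:"):].strip())
    return target if target.is_absolute() else dot_git.parent / target

def ownership_findings(worktree, uid=None, owner_of=lstat_uid):
    """Return (role, path, owner) for each checked path not owned by `uid`.
    `owner_of` is injectable so foreign ownership can be simulated without root."""
    uid = os.geteuid() if uid is None else uid
    worktree = Path(worktree)
    dot_git = worktree / ".git"
    checked = [("worktree", worktree)]
    if dot_git.is_file():
        # Linked layout: check the `.git` file and the directory it points to.
        checked += [("gitfile", dot_git), ("gitdir", resolve_gitfile(dot_git))]
    elif dot_git.is_dir():
        checked.append(("gitdir", dot_git))
    findings = []
    for role, path in checked:
        owner = owner_of(path)
        if owner != uid:
            findings.append((role, str(path), owner))
    return findings

def build_sample(root):
    """Constructed sample: a worktree whose `.git` file points at a separate gitdir."""
    root = Path(root)
    gitdir, worktree = root / "store.git", root / "checkout"
    gitdir.mkdir()
    worktree.mkdir()
    (worktree / ".git").write_text(f"gitdir: {gitdir}\n")
    return worktree, gitdir

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        wt, gd = build_sample(tmp)
        other = os.geteuid() + 1  # simulated foreign owner of the gitdir only
        foreign = lambda p: other if Path(p) == gd else os.geteuid()
        print(ownership_findings(wt, owner_of=foreign))
```

A check limited to the worktree would report nothing for the simulated case, while this one flags the `gitdir` entry.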