[Bug 1201431] New: VUL-0: CVE-2022-29187: git: incomplete fix for CVE-2022-24765
http://bugzilla.opensuse.org/show_bug.cgi?id=1201431

            Bug ID: 1201431
           Summary: VUL-0: CVE-2022-29187: git: incomplete fix for CVE-2022-24765
    Classification: openSUSE
           Product: openSUSE Distribution
           Version: Leap 15.4
          Hardware: Other
                OS: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Security
          Assignee: danilo.spinella@suse.com
          Reporter: Andreas.Stieger@gmx.de
        QA Contact: qa-bugs@suse.de
          Found By: ---
           Blocker: ---

From https://lists.q42.co.uk/pipermail/git-announce/2022-July/001250.html

Fixed in Git v2.37.1, v2.30.5, v2.31.4, v2.32.3, v2.33.4, v2.34.4, v2.35.4, and v2.36.2

CVE-2022-29187, where the fixes in v2.36.1 and below to address
CVE-2022-24765 released earlier may not have been complete.

 * The safety check that verifies a safe ownership of the Git
   worktree is now extended to also cover the ownership of the Git
   directory (and the `.git` file, if there is any).

https://github.com/git/git/commit/3b0bf2704980b1ed6018622bdf5377ec22289688

-- 
You are receiving this mail because:
You are on the CC list for the bug.
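The extended check quoted above can be used as an audit on a host that has not yet received the fixed packages. The following is an added example, not Git's code and not part of the original report: it reports which of the three paths named in the announcement (worktree, `.git` file, Git directory) are not owned by the expected user. The function names, the `expected_uid` parameter and the sample layout are hypothetical, and it assumes a POSIX system.

```python
import os
import tempfile
from pathlib import Path


def resolve_git_dir(worktree: Path):
    """Return (dot_git_entry, git_dir), following a `.git` file if present."""
    dot_git = worktree / ".git"
    if dot_git.is_file():
        # A `.git` file holds one "gitdir: <path>" line (linked worktrees, submodules).
        text = dot_git.read_text().strip()
        if not text.startswith("gitdir:"):
            raise ValueError(f"{dot_git} is not a gitdir file")
        target = Path(text[len("gitdir:"):].strip())
        return dot_git, (target if target.is_absolute() else worktree / target)
    return dot_git, dot_git  # ordinary layout: `.git` is the Git directory itself


def ownership_findings(worktree, expected_uid=None):
    """List (role, path, owner_uid) for each checked path not owned by expected_uid."""
    # Assumption: compare against the effective uid unless the caller overrides it.
    expected_uid = os.geteuid() if expected_uid is None else expected_uid
    worktree = Path(worktree)
    dot_git, git_dir = resolve_git_dir(worktree)
    checked = [("worktree", worktree), ("gitdir", git_dir)]
    if dot_git != git_dir:
        checked.insert(1, ("gitfile", dot_git))
    findings = []
    for role, path in checked:
        # lstat: judge the entry itself, not whatever a symlink points at.
        owner = os.lstat(path).st_uid  # raises FileNotFoundError if not a repository
        if owner != expected_uid:
            findings.append((role, str(path), owner))
    return findings


def build_sample():
    """Constructed sample: a worktree whose `.git` file points at a separate gitdir."""
    root = Path(tempfile.mkdtemp())
    (root / "store" / "repo.git").mkdir(parents=True)
    (root / "checkout").mkdir()
    (root / "checkout" / ".git").write_text("gitdir: ../store/repo.git\n")
    return root / "checkout"


if __name__ == "__main__":
    for finding in ownership_findings(build_sample()):
        print("not owned by current user:", finding)
```

An empty result means all checked paths belong to the expected user; a finding for `gitfile` or `gitdir` alone is the case the announcement describes as not covered by the earlier check.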