Date: Wed, 13 Jul 2022 17:13:18 -0700 From: Junio C Hamano <junio@...ox.com> To: oss-security@...ts.openwall.com cc: git-security@...glegroups.com, ycdxsb <ycdxsb@...il.com>, Carlo Marcelo Arenas Belón <carenas@...il.com>, Johannes Schindelin <johannes.schindelin@....de> Subject: Git v2.37.1 and friends for CVE-2022-29187 The Git project released new versions on July 12th, 2022, addressing CVE-2022-29187. We highly recommend to upgrade to one of these fixed versions: v2.30.5 v2.31.4 v2.32.3 v2.33.4 v2.34.4 v2.35.4 v2.36.2 v2.37.1 If you are on the unreleased development track, the same fix is already included, so you do not have to do anything. https://email@example.com/ This fix contained in these releases are minor updates for the changes that went into Git 2.30.3 and 2.30.4, addressing CVE-2022-29187. * The safety check that verifies a safe ownership of the Git worktree is now extended to also cover the ownership of the Git directory (and the `.git` file, if there is any). Credit for finding and fixing the problem goes to Carlo Marcelo Arenas Belón and Johannes Schindelin. Thanks.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.