@donald donald commented Apr 12, 2022

Upgrade to 2.30.3 because of CVE-2022-24765:

On multi-user machines, Git users might find themselves unexpectedly in
a Git worktree, e.g. when there is a scratch space (`/scratch/`)
intended for all users and another user created a repository in
`/scratch/.git`. Merely having a Git-aware prompt that runs `git
status` (or `git diff`) and navigating to a directory which is
supposedly not a Git worktree, or opening such a directory in an editor
or IDE such as VS Code or Atom, will potentially run commands defined by
that other user via `/scratch/.git/config`.

@donald donald merged commit 43ba12a into master Apr 12, 2022
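
An added example (not part of this pull request or of Git's code): a Python check for the situation the description warns about. It walks up from a directory to the first `.git` entry and compares its owner with the current user. The function names and the temporary `/scratch`-style layout built in `demo()` are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path


def find_enclosing_git(start):
    """Walk upward from start; return the first '.git' entry found, or None."""
    here = Path(start).resolve()
    for directory in (here, *here.parents):
        candidate = directory / ".git"
        # .git may be a directory (ordinary repo) or a file (linked worktree)
        if candidate.exists():
            return candidate
    return None


def foreign_repo(start, uid=None):
    """Return (git_path, owner_uid) if the enclosing repository is owned by
    someone other than uid (default: the current effective user), else None."""
    uid = os.geteuid() if uid is None else uid
    git_path = find_enclosing_git(start)
    if git_path is None:
        return None
    owner = git_path.stat().st_uid
    return (git_path, owner) if owner != uid else None


def demo():
    """Constructed layout: a shared scratch dir with a .git and a user subdir."""
    with tempfile.TemporaryDirectory() as scratch:
        os.mkdir(os.path.join(scratch, ".git"))
        work = os.path.join(scratch, "alice", "notes")
        os.makedirs(work)
        me = os.geteuid()
        found = find_enclosing_git(work)
        found_in_scratch = found.parent == Path(scratch).resolve()
        # Same owner as the caller: nothing to report
        own = foreign_repo(work, uid=me)
        # Stand in for "another user created it" by checking as a different uid
        other = foreign_repo(work, uid=me + 1)
        flagged = other is not None and other[1] == me
        return found_in_scratch, own, flagged


if __name__ == "__main__":
    print(demo())
```

Run from a shell prompt hook or before opening a directory in an editor, `foreign_repo(os.getcwd())` reports a parent repository that the current user did not create.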