d90a306a79
Per the upstream release notes from 2.30.3¹:
This release addresses the security issue CVE-2022-24765.
* CVE-2022-24765:
On multi-user machines, Git users might find themselves
unexpectedly in a Git worktree, e.g. when another user created a
repository in `C:\.git`, in a mounted network drive or in a
scratch space. Merely having a Git-aware prompt that runs `git
status` (or `git diff`) and navigating to a directory which is
supposedly not a Git worktree, or opening such a directory in an
editor or IDE such as VS Code or Atom, will potentially run
commands defined by that other user.
and 2.30.4²:
This release contains minor fix-ups for the changes that went into
Git 2.30.3, which was made to address CVE-2022-24765.
* The code that was meant to parse the new `safe.directory`
configuration variable was not checking what configuration
variable was being fed to it, which has been corrected.
* '*' can be used as the value for the `safe.directory` variable to
signal that the user considers that any directory is safe.
¹ https://github.com/git/git/raw/v2.30.3/Documentation/RelNotes/2.30.3.txt
² https://github.com/git/git/raw/v2.30.4/Documentation/RelNotes/2.30.4.txt
2 lines
318 B
Text
2 lines
318 B
Text
SHA512 (git-2.34.3.tar.xz) = 6bf06b11257bdea48bf37e83c16a805a603c3712c08bd771fb08e09c4d26b53e949249ebbf5e6a58b36a16e2defd1ac09c54312669bd4a5a7d48efb4ec15f59a
|
|
SHA512 (git-2.34.3.tar.sign) = 618501c751380c0e918ff6cb8d2ab40ebb95666c28f299916b1b89782b9c3028d1d87e7a0e4f8bb71b7e5488c3bd0c6528f93eeb3e04b42d922dd9d4ee420902
|