d4f20c985f
Per the upstream release notes from 2.30.3¹:
This release addresses the security issue CVE-2022-24765.
* CVE-2022-24765:
On multi-user machines, Git users might find themselves
unexpectedly in a Git worktree, e.g. when another user created a
repository in `C:\.git`, in a mounted network drive or in a
scratch space. Merely having a Git-aware prompt that runs `git
status` (or `git diff`) and navigating to a directory which is
supposedly not a Git worktree, or opening such a directory in an
editor or IDE such as VS Code or Atom, will potentially run
commands defined by that other user.
and 2.30.4²:
This release contains minor fix-ups for the changes that went into
Git 2.30.3, which was made to address CVE-2022-24765.
* The code that was meant to parse the new `safe.directory`
configuration variable was not checking what configuration
variable was being fed to it, which has been corrected.
* '*' can be used as the value for the `safe.directory` variable to
signal that the user considers that any directory is safe.
¹ https://github.com/git/git/raw/v2.30.3/Documentation/RelNotes/2.30.3.txt
² https://github.com/git/git/raw/v2.30.4/Documentation/RelNotes/2.30.4.txt
2 lines
318 B
Text
2 lines
318 B
Text
SHA512 (git-2.35.3.tar.xz) = c92f8663988c57702bb5ee542ac8f36e8a43d377d16106ee462ce0b0a575b9d51baaafc654bf1821fbea2fe476ffd64d7fb87084c7de4dd8065b01d5083492c5
|
|
SHA512 (git-2.35.3.tar.sign) = 5a4d300eb30af4cf8723110a25189b3d252f3e816ee9446aec0629fad21cb53ff95e3e6a00259d81589e7bae015b0209098391a44a52290b4f5f926b8fcd1852
|