Git 2.30.6 has been released on October 18, fixing security issues:
https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.30.6.txt
https://lore.kernel.org/git/xmqq4jw1uku5.fsf@gitster.g/T/#u
Status comment: (none) => Fixed upstream in 2.30.6
Blocks: (none) => 30633
Ubuntu has issued an advisory for this on October 18: https://ubuntu.com/security/notices/USN-5686-1
Assigning to Stig who has done a lot of version updates for this thing. Note this is a rare security update just for Mageia 8. I see in Cauldron updates to 2.30.0/1/2, then it jumps to 2.31 et seq.
Assignee: bugsquad => smelror
Advisory
========

Git has been updated to fix 2 security issues.

CVE-2022-39253: A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim's machine.

CVE-2022-39260: Allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes.

References
==========
https://cve.circl.lu/cve/CVE-2022-39253
https://cve.circl.lu/cve/CVE-2022-39260
https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.30.6.txt

Files
=====

Uploaded to core/updates_testing

git-core-oldies-2.30.6-1.mga8
git-2.30.6-1.mga8
perl-Git-2.30.6-1.mga8
git-prompt-2.30.6-1.mga8
git-arch-2.30.6-1.mga8
git-email-2.30.6-1.mga8
git-svn-2.30.6-1.mga8
perl-Git-SVN-2.30.6-1.mga8
git-cvs-2.30.6-1.mga8
gitweb-2.30.6-1.mga8
gitk-2.30.6-1.mga8
git-subtree-2.30.6-1.mga8
lib64git-devel-2.30.6-1.mga8
git-core-2.30.6-1.mga8

from git-2.30.6-1.mga8.src.rpm
Assignee: smelror => qa-bugs
Thanks Stig-Ørjan. Would you mind taking care of libgit2 as well (see Bug 30633)?
Status comment: Fixed upstream in 2.30.6 => (none)
CC: (none) => smelror
Speaking of which, CVE-2022-29187 needs to be added to the advisory, as this update will fix that too.
MGA8-64 MATE on Acer Aspire 5253
No installation issues
Ref bug 30277 Comment 2 for testing

$ git init
hint: Using 'master' as the name for the initial branch. This default branch and more hints .....
Initialized empty Git repository in /home/tester8/.git/
$ git config --global user.name "tester8"
$ git config --global user.email "herman.viaene@hotmail.be"
[tester8@mach7 ~]$ git add ~/Documents/exo.txt
[tester8@mach7 ~]$ git branch
[tester8@mach7 ~]$ git show
fatal: your current branch 'master' does not have any commits yet
[tester8@mach7 ~]$ git commit
[master (root-commit) f053db1] test git 2.30.6 commit
 1 file changed, 1293 insertions(+)
 create mode 100644 Documents/exo.txt

This is different from previous version where I had to issue a specific command for the message, now it is one go.

[tester8@mach7 ~]$ git show
commit f053db162a3b560f1252420597ec3b332a3e2b82 (HEAD -> master)
Author: tester8 <herman.viaene@hotmail.be>
Date: Mon Oct 24 17:01:47 2022 +0200

    test git 2.30.6 commit

diff --git a/Documents/exo.txt b/Documents/exo.txt
new file mode 100644
index 0000000..3902b92
--- /dev/null
+++ b/Documents/exo.txt
@@ -0,0 +1,1293 @@
+execve("/usr/bin/thunar", ["thunar"], 0x7ffc418dda20 /* 68 vars */) = 0
+brk(NULL) = 0xf1e000
and the further contents of the file....

This is all in line with previous updates, so OK for me.
CC: (none) => herman.viaene
Whiteboard: (none) => MGA8-64-OK
Validating. Advisory in Comment 3, with an addition in Comment 5.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
CC: (none) => davidwhodgins
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2022-0396.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED