A security issue in GitPython just became public:
There is no fix available yet, but hopefully there will be soon.
Assigning anyway to the Python people.
Who is going to notice the fix when published?
Fedora has issued an advisory for this today (January 4):
The issue is fixed upstream in 3.1.30.
Updated in cauldron
Now in Mageia 8 testing:
MGA8-644 MATE on Acer Aspire 5253
No installation issues.
Following procedure from bug 18540 Comment 5, first installed git and its dependencies, then
$ git clone https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Cloning into 'linux'...
remote: Enumerating objects: 539, done.
remote: Counting objects: 100% (539/539), done.
remote: Compressing objects: 100% (307/307), done.
remote: Total 9229031 (delta 342), reused 314 (delta 232), pack-reused 9228492
Receiving objects: 100% (9229031/9229031), 2.54 GiB | 4.41 MiB/s, done.
Resolving deltas: 100% (7565206/7565206), done.
Checking objects: 100% (33554432/33554432), done.
Updating files: 100% (79495/79495), done.
Python 3.8.14 (default, Oct 4 2022, 06:27:18)
[GCC 10.4.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from git import repo
>>> rp = repo.Repo('~/linux/')
>>> cm = rp.commit("ad3e2751e7")
That is exactly the same, so OK for me.
An update for this issue has been pushed to the Mageia Updates repository.