Bug 33921 - git new security issues CVE-2024-50349 and CVE-2024-52006
Summary: git new security issues CVE-2024-50349 and CVE-2024-52006
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 9
Hardware: All
OS: Linux
Priority: Normal
Severity: normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA9-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2025-01-15 09:50 CET by Nicolas Salguero
Modified: 2025-01-20 19:24 CET
CC List: 4 users

See Also:
Source RPM: git-2.41.1-1.mga9.src.rpm
CVE: CVE-2024-50349, CVE-2024-52006
Status comment:


Description Nicolas Salguero 2025-01-15 09:50:14 CET
Those CVEs were announced here:
https://www.openwall.com/lists/oss-security/2025/01/14/4
Nicolas Salguero 2025-01-15 09:51:12 CET

Whiteboard: (none) => MGA9TOO
Source RPM: (none) => git-2.47.0-1.mga10.src.rpm, git-2.41.1-1.mga9.src.rpm
Status comment: (none) => Fixed upstream in 2.47.1 and 2.41.3
CVE: (none) => CVE-2024-50349, CVE-2024-52006

Comment 1 Nicolas Salguero 2025-01-15 11:10:56 CET
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

Git does not sanitize URLs when asking for credentials interactively. (CVE-2024-50349)

Newline confusion in credential helpers can lead to credential exfiltration in git. (CVE-2024-52006)

References:
https://www.openwall.com/lists/oss-security/2025/01/14/4
========================

Updated packages in core/updates_testing:
========================
git-2.41.3-1.mga9
git-arch-2.41.3-1.mga9
git-core-2.41.3-1.mga9
git-core-oldies-2.41.3-1.mga9
git-cvs-2.41.3-1.mga9
git-email-2.41.3-1.mga9
git-prompt-2.41.3-1.mga9
git-scalar-2.41.3-1.mga9
git-subtree-2.41.3-1.mga9
git-svn-2.41.3-1.mga9
gitk-2.41.3-1.mga9
gitweb-2.41.3-1.mga9
lib(64)git-devel-2.41.3-1.mga9
perl-Git-2.41.3-1.mga9
perl-Git-SVN-2.41.3-1.mga9

from SRPM:
git-2.41.3-1.mga9.src.rpm

Source RPM: git-2.47.0-1.mga10.src.rpm, git-2.41.1-1.mga9.src.rpm => git-2.41.1-1.mga9.src.rpm
Assignee: bugsquad => qa-bugs
Status comment: Fixed upstream in 2.47.1 and 2.41.3 => (none)
Whiteboard: MGA9TOO => (none)
Version: Cauldron => 9
Status: NEW => ASSIGNED
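
The two advisory items above both come down to untrusted URL text reaching a place that was not built for control characters: the line-oriented key=value protocol Git speaks to credential helpers (CVE-2024-52006), and the interactive "Username for ..." prompt (CVE-2024-50349). The following Python is an added illustration written for this page, not Git's own code and not part of the Mageia update; the URLs in it are constructed, the helper model and the exact form of the rejection and escaping are assumptions about the shape of the defence rather than a copy of the upstream patch.

```python
"""Added example (not Git's own code) illustrating the two credential-handling
weaknesses named in the advisory.  All URLs below are constructed test data."""

# Characters that break a line-oriented key=value protocol.  LF was already
# refused by Git after CVE-2020-5260; CR matters because some helper runtimes
# (the advisory cites .NET and node.js ecosystems) treat a lone CR as a line
# terminator, which is the gap CVE-2024-52006 describes.
FORBIDDEN = frozenset("\r\n\0")


def split_url(url: str):
    """Minimal scheme://host/path splitter with no validation, so that the
    unsanitized behaviour can be demonstrated.  (urllib.parse silently strips
    CR/LF from URLs, which would hide exactly the problem shown here.)"""
    scheme, sep, rest = url.partition("://")
    if not sep:
        raise ValueError(f"not a URL: {url!r}")
    host, _, path = rest.partition("/")
    return scheme, host, "/" + path


def unsafe_request(url: str) -> str:
    """The request a pre-fix Git would write to a helper's stdin: one key=value
    per line, terminated by a blank line.  Only protocol and host are sent here
    (Git adds path only when credential.useHttpPath is set)."""
    scheme, host, _ = split_url(url)
    return f"protocol={scheme}\nhost={host}\n\n"


def helper_parse(request: str, cr_is_newline: bool) -> dict:
    """How a helper decodes the request.  A helper whose line reader also
    treats CR as a line ending (cr_is_newline=True) sees an extra, injected
    line; a strict LF-only helper keeps the CR inside the host value."""
    if cr_is_newline:
        request = request.replace("\r", "\n")
    fields = {}
    for line in request.split("\n"):
        if not line:
            break  # the blank line ends the request
        key, _, value = line.partition("=")
        fields[key] = value  # a repeated key overrides the earlier value
    return fields


def safe_request(url: str) -> str:
    """Post-fix behaviour: refuse to talk to the helper at all when a value
    would carry CR, LF or NUL.  This is the shape of the defence (assumption),
    not the patched code itself."""
    scheme, host, _ = split_url(url)
    for name, value in (("protocol", scheme), ("host", host)):
        bad = sorted({f"0x{ord(c):02x}" for c in value if c in FORBIDDEN})
        if bad:
            raise ValueError(f"{name} contains forbidden characters {bad}")
    return f"protocol={scheme}\nhost={host}\n\n"


def sanitize_for_prompt(text: str) -> str:
    """Make ASCII control characters visible as \\xNN so a host name taken from
    a URL cannot emit terminal escape sequences inside an interactive prompt
    (the CVE-2024-50349 issue).  Escaping style is this example's choice."""
    return "".join(
        f"\\x{ord(c):02x}" if ord(c) < 0x20 or ord(c) == 0x7F else c
        for c in text
    )


def username_prompt(url: str) -> str:
    """Interactive prompt text, modelled on Git's "Username for '<url>':"."""
    scheme, host, _ = split_url(url)
    return f"Username for '{scheme}://{sanitize_for_prompt(host)}': "


if __name__ == "__main__":
    # Constructed attacker URL: a CR followed by a second host= line.  A helper
    # that splits on CR returns the github.com secret, which Git would then
    # send to evil.example.
    crafted = "https://evil.example\rhost=github.com/repo.git"
    req = unsafe_request(crafted)
    print("strict helper sees:      ", helper_parse(req, cr_is_newline=False))
    print("CR-splitting helper sees:", helper_parse(req, cr_is_newline=True))
    try:
        safe_request(crafted)
    except ValueError as err:
        print("patched behaviour:", err)
    # Constructed URL carrying an ESC sequence that would erase the prompt line.
    print(username_prompt("https://\x1b[2Kgithub.com"))
```

The point of the model is the `cr_is_newline` switch: the request Git writes is identical in both cases, and only the helper's line reader decides whether the smuggled `host=github.com` becomes a separate field. Rejecting CR on the Git side, as `safe_request` does, closes the gap regardless of which runtime the helper was written in.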

katnatek 2025-01-15 20:20:18 CET

Keywords: (none) => advisory

Comment 2 Herman Viaene 2025-01-17 14:33:16 CET
MGA9-64 Plasma Wayland on Compaq H000SB
No installation issues.
Ref bug 31856 for testing.
$ git init
hint: Using 'master' as the name for the initial branch. This default branch name
hint: is subject to change. To configure the initial branch name to use in all
hint: of your new repositories, which will suppress this warning, call:
hint: 
hint:   git config --global init.defaultBranch <name>
hint: 
hint: Names commonly chosen instead of 'master' are 'main', 'trunk' and
hint: 'development'. The just-created branch can be renamed via this command:
hint: 
hint:   git branch -m <name>
Initialized empty Git repository in /home/tester9/.git/
$ git config --global user.name "tester9"
$ git config --global user.email "herman.viaene@hotmail.be"
$ git add ~/Documents/soup.txt
$ git branch
$ git show
fatal: your current branch 'master' does not have any commits yet
$ git commit -a
[master (root-commit) 573c1ca] nieuw bestand
 1 file changed, 441424 insertions(+)
 create mode 100644 Documents/soup.txt
[tester9@mach3 ~]$ git show
commit 573c1cac009e004b1f5985919a877c3cdb084d59 (HEAD -> master)
Author: tester9 <herman.viaene@hotmail.be>
Date:   Fri Jan 17 14:14:05 2025 +0100

    nieuw bestand

diff --git a/Documents/soup.txt b/Documents/soup.txt
new file mode 100644
index 0000000..0d50c70
--- /dev/null
+++ b/Documents/soup.txt
@@ -0,0 +1,441424 @@
+execve("/usr/bin/hardinfo", ["hardinfo"], 0x7ffca7cb7ca0 /* 82 vars */) = 0
+brk(NULL)                               = 0x2507c000
+mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0dd4f5f000
+access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
etc.....
Good to go.

CC: (none) => herman.viaene
Whiteboard: (none) => MGA9-64-OK

Comment 3 PC LX 2025-01-19 11:57:53 CET
Installed and tested without issues.

Tested:
- for four days of work;
- with existing and new repositories;
- pull/push from/to forgejo, github, and gitlab;
- integration with Kate, Qt Creator, Netbeans, and KDevelop;
- CLI commands.

All OK.
System Server: Mageia 9, x86_64, AMD Ryzen 5 5600G with Radeon Graphics.
$ uname -a
Linux jupiter 6.6.65-desktop-2.mga9 #1 SMP PREEMPT_DYNAMIC Thu Dec 12 12:42:26 UTC 2024 x86_64 GNU/Linux
$ rpm -qa | grep -iP 'git.*-2.41.3' | sort
git-2.41.3-1.mga9
git-arch-2.41.3-1.mga9
git-core-2.41.3-1.mga9
git-core-oldies-2.41.3-1.mga9
git-cvs-2.41.3-1.mga9
git-email-2.41.3-1.mga9
gitk-2.41.3-1.mga9
git-prompt-2.41.3-1.mga9
perl-Git-2.41.3-1.mga9

CC: (none) => mageia

Comment 4 Thomas Andrews 2025-01-20 14:35:52 CET
Validating.

CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update

Comment 5 Mageia Robot 2025-01-20 19:24:10 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2025-0016.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED
