[Buildroot] [PATCH] package/git: security bump to version 2.31.2
Peter Korsgaard
peter at korsgaard.com
Thu Apr 14 20:11:35 UTC 2022
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> Fixes the following security issue:
> CVE-2022-24765:
> On multi-user machines, Git users might find themselves unexpectedly in
> a Git worktree, e.g. when there is a scratch space (`/scratch/`) intended
> for all users and another user created a repository in `/scratch/.git`.
> Merely having a Git-aware prompt that runs `git status` (or `git diff`)
> and navigating to a directory which is supposedly not a Git worktree, or
> opening such a directory in an editor or IDE such as VS Code or Atom, will
> potentially run commands defined by that other user via
> `/scratch/.git/config`.
> https://www.openwall.com/lists/oss-security/2022/04/12/7
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Committed, thanks.
--
Bye, Peter Korsgaard
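
An added example, not part of the original message or of Buildroot or Git: a defender's audit for the situation the advisory describes, walking from a directory up to the filesystem root and reporting every `.git` entry owned by a different user. The function names, the `trusted_uid` parameter and the temporary directory layout are assumptions made for illustration (POSIX only).

```python
import os
import tempfile
from pathlib import Path


def foreign_git_dirs(start, trusted_uid=None):
    """Return (path, owner_uid) for every `.git` entry found in `start` or
    any of its parent directories that is not owned by `trusted_uid`."""
    if trusted_uid is None:
        trusted_uid = os.getuid()
    findings = []
    current = Path(start).resolve()
    # Git discovers a repository by searching upwards, so check each level.
    for directory in (current, *current.parents):
        candidate = directory / ".git"
        try:
            st = candidate.lstat()  # lstat: do not follow a symlinked .git
        except OSError:
            continue  # no .git at this level, or not readable
        if st.st_uid != trusted_uid:
            findings.append((str(candidate), st.st_uid))
    return findings


def demo():
    """Constructed layout standing in for the shared /scratch/ case."""
    with tempfile.TemporaryDirectory() as tmp:
        scratch = Path(tmp).resolve()
        (scratch / ".git").mkdir()
        (scratch / ".git" / "config").write_text("[core]\n")
        workdir = scratch / "alice" / "notes"  # hypothetical user directory
        workdir.mkdir(parents=True)
        me = os.getuid()
        # Audited as the owner: the shared .git is not reported.
        as_owner = foreign_git_dirs(workdir, trusted_uid=me)
        # Audited as a different (constructed) uid: it is reported.
        as_other = foreign_git_dirs(workdir, trusted_uid=me + 1)
        return str(scratch / ".git"), as_owner, as_other


if __name__ == "__main__":
    for path, uid in foreign_git_dirs(os.getcwd()):
        print(f"{path} is owned by uid {uid}, not by you")
```

Run from a shell prompt or login script, it flags the directory before a Git-aware prompt or editor has a chance to read the other user's config.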