]>
Commit | Line | Data |
---|---|---|
394a759d JH |
1 | Git v2.30.8 Release Notes |
2 | ========================= | |
3 | ||
4 | This release addresses the security issues CVE-2023-22490 and | |
5 | CVE-2023-23946. | |
6 | ||
7 | ||
8 | Fixes since v2.30.7 | |
9 | ------------------- | |
10 | ||
11 | * CVE-2023-22490: | |
12 | ||
13 | Using a specially-crafted repository, Git can be tricked into using | |
14 | its local clone optimization even when using a non-local transport. | |
15 | Though Git will abort local clones whose source $GIT_DIR/objects | |
16 | directory contains symbolic links (c.f., CVE-2022-39253), the objects | |
17 | directory itself may still be a symbolic link. | |
18 | ||
19 | These two may be combined to include arbitrary files based on known | |
20 | paths on the victim's filesystem within the malicious repository's | |
21 | working copy, allowing for data exfiltration in a similar manner as | |
22 | CVE-2022-39253. | |
23 | ||
24 | * CVE-2023-23946: | |
25 | ||
26 | By feeding a crafted input to "git apply", a path outside the | |
27 | working tree can be overwritten as the user who is running "git | |
28 | apply". | |
29 | ||
30 | * A mismatched type in `attr.c::read_attr_from_index()` which could | |
31 | cause Git to errantly reject attributes on Windows and 32-bit Linux | |
32 | has been corrected. | |
33 | ||
34 | Credit for finding CVE-2023-22490 goes to yvvdwf, and the fix was | |
35 | developed by Taylor Blau, with additional help from others on the | |
36 | Git security mailing list. | |
37 | ||
38 | Credit for finding CVE-2023-23946 goes to Joern Schneeweisz, and the | |
39 | fix was developed by Patrick Steinhardt. | |
40 | ||
41 | ||
42 | Johannes Schindelin (1): | |
43 | attr: adjust a mismatched data type | |
44 | ||
45 | Patrick Steinhardt (1): | |
46 | apply: fix writing behind newly created symbolic links | |
47 | ||
48 | Taylor Blau (3): | |
49 | t5619: demonstrate clone_local() with ambiguous transport | |
50 | clone: delay picking a transport until after get_repo_path() | |
51 | dir-iterator: prevent top-level symlinks without FOLLOW_SYMLINKS |