NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3f7afc40e1
kumquat-buildroot/package/git/git.hash
Peter Korsgaard 832107c6dc package/git: security bump to version 2.31.2 
Fixes the following security issue:

 CVE-2022-24765:
  On multi-user machines, Git users might find themselves unexpectedly in
  a Git worktree, e.g. when there is a scratch space (`/scratch/`) intended
  for all users and another user created a repository in `/scratch/.git`.
  Merely having a Git-aware prompt that runs `git status` (or `git diff`)
  and navigating to a directory which is supposedly not a Git worktree, or
  opening such a directory in an editor or IDE such as VS Code or Atom, will
  potentially run commands defined by that other user via
  `/scratch/.git/config`.

https://www.openwall.com/lists/oss-security/2022/04/12/7

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-04-14 22:14:26 +02:00

6 lines
345 B
Plaintext
Raw Blame History

# From: https://www.kernel.org/pub/software/scm/git/sha256sums.asc
sha256 d9167d801cf4aa2abca6e8f43d5d1b383e02e4d257ac1dc071802bb773ed0e2a git-2.31.2.tar.xz
# Locally calculated
sha256 5b2198d1645f767585e8a88ac0499b04472164c0d2da22e75ecf97ef443ab32e COPYING
sha256 1922f45d2c49e390032c9c0ba6d7cac904087f7cec51af30c2b2ad022ce0e76a LGPL-2.1
Reference in New Issue View Git Blame Copy Permalink