kumquat-buildroot/package/git
Fabrice Fontaine 15293e0360 package/git: security bump to version 2.31.4
Fix CVE-2022-29187: Git is a distributed revision control system. Git
prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3,
2.31.4, and 2.30.5, is vulnerable to privilege escalation in all
platforms. An unsuspecting user could still be affected by the issue
reported in CVE-2022-24765, for example when navigating as root into a
shared tmp directory that is owned by them, but where an attacker could
create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4,
2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a patch for this issue. The
simplest way to avoid being affected by the exploit described in the
example is to avoid running git as root (or an Administrator in
Windows), and if needed to reduce its use to a minimum. While a generic
workaround is not possible, a system could be hardened from the exploit
described in the example by removing any such repository if it exists
already and creating one as root to block any future attacks.

https://github.com/git/git/blob/v2.31.4/Documentation/RelNotes/2.31.4.txt

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-09-18 12:54:38 +02:00
..
0001-Fix-build-without-threads.patch
Config.in
git.hash
git.mk