File: 2.30.3.txt

package info (click to toggle)
cgit 1.2.3%2Bgit20240802.70.09d24d7%2Bgit2.46.0-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 56,184 kB
  • sloc: ansic: 301,641; sh: 254,574; perl: 29,353; tcl: 22,151; makefile: 4,198; python: 3,594; javascript: 810; csh: 45; ruby: 43; lisp: 12
file content (24 lines) | stat: -rw-r--r-- 865 bytes parent folder | download | duplicates (9) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
 
Git v2.30.2 Release Notes
=========================

This release addresses the security issue CVE-2022-24765.

Fixes since v2.30.2
-------------------

 * Build fix on Windows.

 * Fix `GIT_CEILING_DIRECTORIES` with Windows-style root directories.

 * CVE-2022-24765:
   On multi-user machines, Git users might find themselves
   unexpectedly in a Git worktree, e.g. when another user created a
   repository in `C:\.git`, in a mounted network drive or in a
   scratch space. Merely having a Git-aware prompt that runs `git
   status` (or `git diff`) and navigating to a directory which is
   supposedly not a Git worktree, or opening such a directory in an
   editor or IDE such as VS Code or Atom, will potentially run
   commands defined by that other user.

Credit for finding this vulnerability goes to 俞晨东; The fix was
authored by Johannes Schindelin.