Overview

File _patchinfo of Package patchinfo.37098

<patchinfo incident="37098">
  <issue tracker="cve" id="2024-32021"/>
  <issue tracker="cve" id="2024-52006"/>
  <issue tracker="cve" id="2024-32004"/>
  <issue tracker="cve" id="2024-32020"/>
  <issue tracker="cve" id="2024-50349"/>
  <issue tracker="cve" id="2024-32465"/>
  <issue tracker="cve" id="2024-32002"/>
  <issue tracker="bnc" id="1224168">VUL-0: CVE-2024-32002: git: recursive clones on case-insensitive filesystems that support symbolic links are susceptible to case confusion</issue>
  <issue tracker="bnc" id="1224171">VUL-0: CVE-2024-32020: git: file overwriting vulnerability during local clones</issue>
  <issue tracker="bnc" id="1224173">VUL-0: CVE-2024-32465: git: arbitrary code execution during clone operations</issue>
  <issue tracker="bnc" id="1235601">VUL-0: CVE-2024-52006: git: Carriage Returns via the credential protocol to credential helpers</issue>
  <issue tracker="bnc" id="1224170">VUL-0: CVE-2024-32004: git: arbitrary code execution during local clones</issue>
  <issue tracker="bnc" id="1224172">VUL-0: CVE-2024-32021: git: git may create hardlinks to arbitrary user-readable files</issue>
  <issue tracker="bnc" id="1235600">VUL-0: CVE-2024-50349: git: passwords for trusted sites could be sent to untrusted sites</issue>
  <packager>ateixeira</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for git</summary>
  <description>This update for git fixes the following issues:

- CVE-2024-32002: Fix recursive clones on case-insensitive filesystems that support symbolic links are susceptible to case confusion. (bsc#1224168)
- CVE-2024-32004: Fixed arbitrary code execution during local clones. (bsc#1224170)
- CVE-2024-32020: Fix file overwriting vulnerability during local clones. (bsc#1224171)
- CVE-2024-32021: Git may create hardlinks to arbitrary user-readable files. (bsc#1224172)
- CVE-2024-32465: Fixed arbitrary code execution during clone operations. (bsc#1224173)
- CVE-2024-50349: Passwords for trusted sites could be sent to untrusted sites (bsc#1235600).
- CVE-2024-52006: Carriage Returns via the credential protocol to credential helpers (bsc#1235601).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places