File _patchinfo of Package patchinfo.27784
<patchinfo incident="27784">
<issue tracker="cve" id="2023-23946"/>
<issue tracker="cve" id="2023-22490"/>
<issue tracker="cve" id="2022-39253"/>
<issue tracker="cve" id="2022-39260"/>
<issue tracker="bnc" id="1204455">VUL-0: CVE-2022-39253: git: dereference issue with symbolic links via the `--local` clone mechanism</issue>
<issue tracker="bnc" id="1208028">VUL-0: EMBARGOED: CVE-2023-23946: git: a path outside the working tree can be overwritten as the user who is running "git apply"</issue>
<issue tracker="bnc" id="1204456">VUL-0: CVE-2022-39260: git: overflow in `split_cmdline()`, leading to arbitrary heap writes and remote code execution</issue>
<issue tracker="bnc" id="1208027">VUL-0: EMBARGOED: CVE-2023-22490: git: Using a specially-crafted repository, Git can be tricked into using its local clone optimization even when using a non-local transport</issue>
<packager>dspinella</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for git</summary>
<description>This update for git fixes the following issues:
- CVE-2023-22490: Fixed an issue where Git could be tricked into using its local clone optimization even when using a non-local transport (bsc#1208027).
- CVE-2023-23946: Fixed issue where a path outside the working tree can be overwritten as the user who is running "git apply" (bsc#1208028).
- CVE-2022-39260: Fixed overflow in `split_cmdline()`, leading to arbitrary heap writes and remote code execution (bsc#1204456).
- CVE-2022-39253: Fixed dereference issue with symbolic links via the `--local` clone mechanism (bsc#1204455).
</description>
</patchinfo>