Request 1082939: Submit git - openSUSE Build Service

Overview

Request 1082939 accepted

- git 2.40.1:
* CVE-2023-25652: By feeding specially crafted input to git apply
--reject, a path outside the working tree can be overwritten
with partially controlled contents (corresponding to the
rejected hunk(s) from the given patch).
* CVE-2023-25815: When Git is compiled with runtime prefix
support and runs without translated messages, it still used
the gettext machinery to display messages, which subsequently
potentially looked for translated messages in unexpected
places. This allowed for malicious placement of crafted
messages.
* CVE-2023-29007: When renaming or deleting a section from a
configuration file, certain malicious configuration values may
be misinterpreted as the beginning of a new configuration
section, leading to arbitrary configuration injection.

Created by dspinella about 1 year ago
In state accepted

Submit git

Comments for request 1082939 0

Login required, please login in order to comment

Request History

dspinella created request about 1 year ago

- git 2.40.1:
* CVE-2023-25652: By feeding specially crafted input to git apply
--reject, a path outside the working tree can be overwritten
with partially controlled contents (corresponding to the
rejected hunk(s) from the given patch).
* CVE-2023-25815: When Git is compiled with runtime prefix
support and runs without translated messages, it still used
the gettext machinery to display messages, which subsequently
potentially looked for translated messages in unexpected
places. This allowed for malicious placement of crafted
messages.
* CVE-2023-29007: When renaming or deleting a section from a
configuration file, certain malicious configuration values may
be misinterpreted as the beginning of a new configuration
section, leading to arbitrary configuration injection.

dimstar_suse set openSUSE:Factory:Staging:D as a staging project about 1 year ago

Being evaluated by staging project "openSUSE:Factory:Staging:D"

dimstar_suse accepted review about 1 year ago

Picked "openSUSE:Factory:Staging:D"

factory-auto added opensuse-review-team as a reviewer about 1 year ago

Please review sources

factory-auto accepted review about 1 year ago

Check script succeeded

licensedigger accepted review about 1 year ago

ok

dimstar accepted review about 1 year ago

dimstar_suse accepted review about 1 year ago

Staging Project openSUSE:Factory:Staging:D got accepted.

dimstar_suse approved review about 1 year ago

Staging Project openSUSE:Factory:Staging:D got accepted.

dimstar_suse accepted request about 1 year ago

Staging Project openSUSE:Factory:Staging:D got accepted.

openSUSE Build Service is sponsored by