|
| 1 | +Git v2.30.8 Release Notes |
| 2 | +========================= |
| 3 | + |
| 4 | +This release addresses the security issues CVE-2023-22490 and |
| 5 | +CVE-2023-23946. |
| 6 | + |
| 7 | + |
| 8 | +Fixes since v2.30.7 |
| 9 | +------------------- |
| 10 | + |
| 11 | + * CVE-2023-22490: |
| 12 | + |
| 13 | + Using a specially-crafted repository, Git can be tricked into using |
| 14 | + its local clone optimization even when using a non-local transport. |
| 15 | + Though Git will abort local clones whose source $GIT_DIR/objects |
| 16 | + directory contains symbolic links (c.f., CVE-2022-39253), the objects |
| 17 | + directory itself may still be a symbolic link. |
| 18 | + |
| 19 | + These two may be combined to include arbitrary files based on known |
| 20 | + paths on the victim's filesystem within the malicious repository's |
| 21 | + working copy, allowing for data exfiltration in a similar manner as |
| 22 | + CVE-2022-39253. |
| 23 | + |
| 24 | + * CVE-2023-23946: |
| 25 | + |
| 26 | + By feeding a crafted input to "git apply", a path outside the |
| 27 | + working tree can be overwritten as the user who is running "git |
| 28 | + apply". |
| 29 | + |
| 30 | + * A mismatched type in `attr.c::read_attr_from_index()` which could |
| 31 | + cause Git to errantly reject attributes on Windows and 32-bit Linux |
| 32 | + has been corrected. |
| 33 | + |
| 34 | +Credit for finding CVE-2023-22490 goes to yvvdwf, and the fix was |
| 35 | +developed by Taylor Blau, with additional help from others on the |
| 36 | +Git security mailing list. |
| 37 | + |
| 38 | +Credit for finding CVE-2023-23946 goes to Joern Schneeweisz, and the |
| 39 | +fix was developed by Patrick Steinhardt. |
| 40 | + |
| 41 | + |
| 42 | +Johannes Schindelin (1): |
| 43 | + attr: adjust a mismatched data type |
| 44 | + |
| 45 | +Patrick Steinhardt (1): |
| 46 | + apply: fix writing behind newly created symbolic links |
| 47 | + |
| 48 | +Taylor Blau (3): |
| 49 | + t5619: demonstrate clone_local() with ambiguous transport |
| 50 | + clone: delay picking a transport until after get_repo_path() |
| 51 | + dir-iterator: prevent top-level symlinks without FOLLOW_SYMLINKS |
| 52 | + |
0 commit comments