Message ID | 8635iabj7y.fsf@163.com |
---|---|
State | Accepted |
Series | [bug#55001] gnu: git: Update to 2.35.2 [fixes CVE-2022-24765]. |

Context | Check | Description |
---|---|---|
cbaines/comparison | success | View comparison |
cbaines/git branch | success | View Git branch |
cbaines/applying patch | fail | View Laminar job |
cbaines/issue | success | View issue |

Hi Zihao,

Is this not a Windows-only vulnerability and bugfix release (also CVE-2022-24767)?

Greg

On Mon, Apr 18, 2022 at 9:44 AM Zhu Zihao <all_but_last@163.com> wrote:
>
> --
> Retrieve my PGP public key:
>
>   gpg --recv-keys D47A9C8B2AE3905B563D9135BE42B352A9F6821F
>
> Zihao
>

Greg Hogan <code@greghogan.com> writes:

> Hi Zihao,
>
> Is this not a Windows-only vulnerability and bugfix release (also CVE-2022-24767)?
>
> Greg
>
> On Mon, Apr 18, 2022 at 9:44 AM Zhu Zihao <all_but_last@163.com> wrote:
>
> --
> Retrieve my PGP public key:
>
>   gpg --recv-keys D47A9C8B2AE3905B563D9135BE42B352A9F6821F
>
> Zihao

Hi.

https://www.phoronix.com/scan.php?page=news_item&px=Git-CVE-2022-24765

This article says "likely due to only affect Microsoft Windows". I haven't tested this CVE on *nix systems.

If it doesn't affect Guix systems, should I remove "[fixes CVE-2022-24765]" in the git commit message or leave it there?

Zhu Zihao wrote on Tue 19-04-2022 at 00:02 [+0800]:
>
> Hi.
>
> https://www.phoronix.com/scan.php?page=news_item&px=Git-CVE-2022-24765
>
> This article says "likely due to only affect Microsoft Windows". I
> haven't tested this CVE on *nix systems.
>
> If it doesn't affect Guix systems, should I remove "[fixes
> CVE-2022-24765]" in the git commit message or leave it there?

According to <https://lwn.net/Articles/891112/#Comments> and its comments, it affects ‘multi-user (*) Linux (**) systems’ as well, if someone has their git repo inside /tmp. (Does anyone actually do that?)

(*) I would think this includes otherwise single-user systems with a compromised daemon as well?
(**) Presumably also GNU/Hurd and the BSDs.

Greetings,
Maxime.

From c1ced93b4acc56f9a33d10ebed8b1cefc7dc1b9d Mon Sep 17 00:00:00 2001 From: Zhu Zihao <all_but_last@163.com> Date: Mon, 18 Apr 2022 21:40:19 +0800 Subject: [PATCH] gnu: git: Update to 2.35.2 [fixes CVE-2022-24765]. See https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24765 * gnu/packages/version-control.scm (git): Update to 2.35.2. --- gnu/packages/version-control.scm | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm index d77c2e51f6..9902483d76 100644 --- a/gnu/packages/version-control.scm +++ b/gnu/packages/version-control.scm @@ -221,14 +221,14 @@ (define git-cross-configure-flags (define-public git (package (name "git") - (version "2.35.1") + (version "2.35.2") (source (origin (method url-fetch) (uri (string-append "mirror://kernel.org/software/scm/git/git-" version ".tar.xz")) (sha256 (base32 - "100h37cpw49pmlpf6lcpm1xi578gllf6y9in60h5mxj3cj754s6p")))) + "1wq0wrdg81b324y17fr4jaw5zk2i4fah0f99rhndpsywlm7hqgf7")))) (build-system gnu-build-system) (native-inputs `(("native-perl" ,perl) @@ -248,7 +248,7 @@ (define-public git version ".tar.xz")) (sha256 (base32 - "00rqdj2bc3i7pfc16pciiz50ww41jkqg18iy5hi5jnf0y98sgqz4")))) + "1s3fbnl2slwd3b5j2281z8jwypsqydd1n7yg90v7vb369njvmsd0")))) ;; For subtree documentation. ("asciidoc" ,asciidoc) ("docbook-xsl" ,docbook-xsl) -- 2.35.1
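
Review bot: In the first hunk (@@ -221,14 +221,14), the version bump to "2.35.2" and the new base32 string for the git-<version>.tar.xz origin cannot be checked against each other from the patch alone, and the cbaines/applying patch check listed above reports "fail". Please rebase onto the current tree (the index line records the base as d77c2e51f6) and re-derive the hash from a freshly fetched tarball before this is pushed, so that the value "1wq0wrdg81b324y17fr4jaw5zk2i4fah0f99rhndpsywlm7hqgf7" is confirmed against the 2.35.2 release rather than taken on trust.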
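
Review bot: The second hunk (@@ -248,7 +248,7) changes only a base32 string, and its visible context (version ".tar.xz") does not show which tarball that origin fetches, so neither the diff nor the log entry "(git): Update to 2.35.2." tells a reader that a second source hash moved. Consider naming that input in the commit log entry, and confirm that "1s3fbnl2slwd3b5j2281z8jwypsqydd1n7yg90v7vb369njvmsd0" was computed for the 2.35.2 file, since this origin's URI also depends on version and a mismatch would surface only when that origin is fetched during a build.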