Updated git packages fix security vulnerability
Publication date: 28 Oct 2022Modification date: 28 Oct 2022
Type: security
Affected Mageia releases : 8
CVE: CVE-2022-39253 , CVE-2022-39260 , CVE-2022-29187
Description
CVE-2022-39253: A malicious actor could convince a victim to clone a
repository with a symbolic link pointing at sensitive information on the
victim's machine.
CVE-2022-39260: Allowing a malicious actor to intentionally overflow the
return value, leading to arbitrary heap writes.
CVE-2022-29187: privilege escalation
References
- https://bugs.mageia.org/show_bug.cgi?id=30985
- https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.30.6.txt
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39253
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39260
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29187
SRPMS
8/core
- git-2.30.6-1.mga8