guix-patches

[bug#55001] [PATCH] gnu: git: Update to 2.35.2 [fixes CVE-2022-24765].


From: Maxime Devos
Subject: [bug#55001] [PATCH] gnu: git: Update to 2.35.2 [fixes CVE-2022-24765].
Date: Mon, 18 Apr 2022 20:03:16 +0200
User-agent: Evolution 3.38.3-1

Zhu Zihao wrote on Tue 19-04-2022 at 00:02 [+0800]:
> 
> Hi.
> 
> https://www.phoronix.com/scan.php?page=news_item&px=Git-CVE-2022-24765
> 
> This article says "likely due to only affect Microsoft Windows". I
> haven't tested this CVE on *nix systems.
> 
> If it doesn't affect Guix systems, should I remove "[fixes
> CVE-2022-24765]" in the git commit message or leave it there?

According to <https://lwn.net/Articles/891112/#Comments> and its
comments, it affects ‘multi-user (*) Linux (**) systems’ as well, if
someone has their git repo inside /tmp.  (Does anyone actually do
that?)

(*) I would think this includes otherwise single-user systems with a
compromised daemon as well?  
(**) Presumably also GNU/Hurd and the BSDs.

Greetings,
Maxime.
