FreeBSD Bugzilla – Attachment 237437 Details for
Bug 267177
devel/git: Update to 2.38.1 (security release)
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
patch for vuln-2022.xml
CVE-2022-GIT.diff (text/plain), 1.28 KB, created by
rob2g2
on 2022-10-18 18:22:17 UTC
(
hide
)
Description:
patch for vuln-2022.xml
Filename:
MIME Type:
Creator:
rob2g2
Created:
2022-10-18 18:22:17 UTC
Size:
1.28 KB
patch
obsolete
>*** vuln-2022.bak Tue Oct 18 20:06:56 2022 >--- vuln-2022.xml Tue Oct 18 20:19:29 2022 >*************** >*** 0 **** >--- 1,37 ---- >+ <vuln vid="aa14ae87-4f0f-11ed-bb31-b42e99a1b9c3"> >+ <topic>git -- vulnerabilites</topic> >+ <affects> >+ <package> >+ <name>git</name> >+ <range><lt>2.38.1</lt></range> >+ </package> >+ <package> >+ <name>git-lite</name> >+ <range><lt>2.38.1</lt></range> >+ </package> >+ <package> >+ <name>git-tiny</name> >+ <range><lt>2.38.1</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>Cory Snider of Mirantis and Kevin Backhouse of GitHub report:</p> >+ <blockquote cite="https://lore.kernel.org/lkml/xmqq4jw1uku5.fsf@gitster.g/"> >+ <ul> >+ <li>CVE-2022-39253: dereferenced links can lead to aribrary files in a repository</li> >+ <li>CVE-2022-39260: a command string can result in an overflow leading to arbitrary heap writes and remote code execution</li> >+ </ul> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <cvename>CVE-2022-39253</cvename> >+ <cvename>CVE-2022-39260</cvename> >+ </references> >+ <dates> >+ <discovery>2022-10-18</discovery> >+ <entry>2022-10-18</entry> >+ </dates> >+ </vuln> >+
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=237437">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 267177
: 237437