commit git for openSUSE:Factory

Thu, 27 Apr 2023 10:59:30 -0700 

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package git for openSUSE:Factory checked in 
at 2023-04-27 19:59:12
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/git (Old)
 and      /work/SRC/openSUSE:Factory/.git.new.1533 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "git"

Thu Apr 27 19:59:12 2023 rev:298 rq:1082939 version:2.40.1

Changes:
--------
--- /work/SRC/openSUSE:Factory/git/git.changes  2023-04-14 13:12:53.443499555 
+0200
+++ /work/SRC/openSUSE:Factory/.git.new.1533/git.changes        2023-04-27 
19:59:14.933330985 +0200
@@ -1,0 +2,19 @@
+Tue Apr 25 20:43:30 UTC 2023 - Andreas Stieger <andreas.stie...@gmx.de>
+
+- git 2.40.1:
+  * CVE-2023-25652: By feeding specially crafted input to git apply
+    --reject, a path outside the working tree can be overwritten
+    with partially controlled contents (corresponding to the
+    rejected hunk(s) from the given patch).
+  * CVE-2023-25815: When Git is compiled with runtime prefix
+    support and runs without translated messages, it still used
+    the gettext machinery to display messages, which subsequently
+    potentially looked for translated messages in unexpected
+    places. This allowed for malicious placement of crafted
+    messages.
+  * CVE-2023-29007: When renaming or deleting a section from a
+    configuration file, certain malicious configuration values may
+    be misinterpreted as the beginning of a new configuration
+    section, leading to arbitrary configuration injection.
+
+-------------------------------------------------------------------

Old:
----
  git-2.40.0.tar.sign
  git-2.40.0.tar.xz

New:
----
  git-2.40.1.tar.sign
  git-2.40.1.tar.xz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ git.spec ++++++
--- /var/tmp/diff_new_pack.KKP1h8/_old  2023-04-27 19:59:15.773335923 +0200
+++ /var/tmp/diff_new_pack.KKP1h8/_new  2023-04-27 19:59:15.781335970 +0200
@@ -36,7 +36,7 @@
 %bcond_with    asciidoctor
 %endif
 Name:           git
-Version:        2.40.0
+Version:        2.40.1
 Release:        0
 Summary:        Fast, scalable, distributed revision control system
 License:        GPL-2.0-only

++++++ git-2.40.0.tar.xz -> git-2.40.1.tar.xz ++++++
/work/SRC/openSUSE:Factory/git/git-2.40.0.tar.xz 
/work/SRC/openSUSE:Factory/.git.new.1533/git-2.40.1.tar.xz differ: char 15, 
line 1

Reply via email to