This bug was fixed in the package git - 1:2.34.1-1ubuntu1.16
---------------
git (1:2.34.1-1ubuntu1.16) jammy-security; urgency=medium
* SECURITY REGRESSION: Broken safe.directory access from CVE-2022-24765
(LP: #2142239)
- debian/patches/CVE-2022-24765-fix1.patch: Add protected_config,
read_protected_config, and git_protected_config in config.c, config.h.
Add upload_pack_protected_config in upload-pack.c. Modify test in
t/t5544-pack-objects-hook.sh.
- debian/patches/CVE-2022-24765-fix2.patch: Replace read_very_early_config
with git_protected_config in setup.c.
-- Hlib Korzhynskyy <[email protected]> Thu, 19 Feb 2026
15:15:50 -0330
** Changed in: git (Ubuntu)
Status: In Progress => Fix Released
** CVE added: https://cve.org/CVERecord?id=CVE-2022-24765
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2142239
Title:
CVE-2022-24765 regression for setting safe.directory
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/git/+bug/2142239/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
