From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-yb1-xb2c.google.com (mail-yb1-xb2c.google.com [IPv6:2607:f8b0:4864:20::b2c]) by sourceware.org (Postfix) with ESMTPS id 3FAFC3857342 for ; Wed, 13 Apr 2022 07:50:10 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 3FAFC3857342 Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=dinwoodie.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=dinwoodie.org Received: by mail-yb1-xb2c.google.com with SMTP id m132so2267300ybm.4 for ; Wed, 13 Apr 2022 00:50:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dinwoodie.org; s=google; h=mime-version:from:date:message-id:subject:to; bh=PsXj5xLE/jP+GYOcMO8ETlQVC8n3nyREPc7f1pBOPDQ=; b=qsDV0GTwFm/cHd2XK5OVX4dFHSeA5MdGizoFufMXfVpluQjRdQE2CboZKTc4x1TxvL pF7e409UyBLiuJYYmhyL3Tja84kD7TjGo2CfzdH1GdnOwUhF/ACFnrz01YW0aTqBtEHz Sd5h/tExArVF+lcVUaaq7tTrCYV0cI1fPEN54= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=PsXj5xLE/jP+GYOcMO8ETlQVC8n3nyREPc7f1pBOPDQ=; b=IUW3JRZeRnGli7pyMIOrdBSW3kgo0+ZLF0wAzL0gaOmNUp6xtwoe1zt5WXRdXObjvj oHiaIT4f09t/lRukD+/iR4zK1BcRGVcJ4zO0ktFSBEPTE9DWCHGBiKda8iiPmE7/aciP 8O+XgPHMPXWFqKLBfqlKw8zeU+MuSnI4JJ4hSbJfqAaDXPBgKd+EuRpio7anssYZqtZj W+22MWDqV9JZXHZsch+zW+4Ee1W1HGAyPfzidbmIY0GnvxFCRFcI3jBbz2klaLtx0dho sYfg0si88Fg+sdVI5fsrq7fVInHGlgH3vcqcnG06zPUJs1lOrBmVKDqqeUPzoZ+xNuvx YZ/Q== X-Gm-Message-State: AOAM533EQ5wUw5VQqrhG7PWfM2JPfUpH+cvd3KQSVaWuWf9B+2uXWanD GiJ7n54s8NUPY3KwRuaWVOAmdBC+V/Jc5d0Vf5wyJkAayeU= X-Google-Smtp-Source: ABdhPJyUEavtDPTTdgb/JT8Ql5012VMGSsRpe0cTnSinVmszFXKeNIbZsgWcKLjS+ILv+1RPWqx0KO4zENI5aWYh7MU= X-Received: by 2002:a25:bfc7:0:b0:641:3c31:fe2d with SMTP id q7-20020a25bfc7000000b006413c31fe2dmr11216458ybm.531.1649836209614; Wed, 13 Apr 2022 00:50:09 -0700 (PDT) MIME-Version: 1.0 From: Adam Dinwoodie Date: Wed, 13 Apr 2022 08:49:34 +0100 Message-ID: Subject: Security update: Git v2.35.2-1 To: cygwin-announce@cygwin.com Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=2.0 required=5.0 tests=BAYES_20, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, KAM_NUMSUBJECT, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP, T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.4 X-Spam-Level: * X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: cygwin-announce@cygwin.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Read-only mailing list announcing new and updated Cygwin packages List-Unsubscribe: , List-Archive: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Apr 2022 07:50:11 -0000 Version 2.35.2-1 of Git has been uploaded and should be coming soon to a mirror near you. This is an update to the latest upstream release, and fixes security vulnerability CVE-2022-24765: > On multi-user machines, Git users might find themselves unexpectedly > in a Git worktree, e.g. when another user created a repository in > `C:\.git`, in a mounted network drive or in a scratch space. Merely > having a Git-aware prompt that runs `git status` (or `git diff`) and > navigating to a directory which is supposedly not a Git worktree, or > opening such a directory in an editor or IDE such as VS Code or Atom, > will potentially run commands defined by that other user. This update includes the following packages: - git - git-cvs - git-debuginfo - git-email - git-gui - gitk - git-p4 - git-svn For a full list of the upstream changes in this release, please refer to the upstream changelogs, available at: https://git.kernel.org/cgit/git/git.git/tree/Documentation/RelNotes https://github.com/git/git/tree/master/Documentation/RelNotes Enjoy!