<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/poky.git/meta/recipes-devtools/git/git_2.35.7.bb, branch yocto-4.0.12</title>
<subtitle>Mirror of git.yoctoproject.org/poky</subtitle>
<id>https://git.enea.com/cgit/linux/poky.git/atom?h=yocto-4.0.12</id>
<link rel='self' href='https://git.enea.com/cgit/linux/poky.git/atom?h=yocto-4.0.12'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/'/>
<updated>2023-05-30T14:11:15+00:00</updated>
<entry>
<title>git: ignore CVE-2023-25815</title>
<updated>2023-05-30T14:11:15+00:00</updated>
<author>
<name>Archana Polampalli</name>
<email>archana.polampalli@windriver.com</email>
</author>
<published>2023-05-22T07:36:57+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=f72863d66e8d4588f53253283e50fb474afa2ebb'/>
<id>urn:sha1:f72863d66e8d4588f53253283e50fb474afa2ebb</id>
<content type='text'>
This is specific to Git-for-Windows.

(From OE-Core rev: 472a3e05270deace2862973dee2e65e60f9c0c19)

Signed-off-by: Archana Polampalli &lt;archana.polampalli@windriver.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>git: fix CVE-2023-25652</title>
<updated>2023-05-12T14:04:52+00:00</updated>
<author>
<name>Archana Polampalli</name>
<email>archana.polampalli@windriver.com</email>
</author>
<published>2023-05-07T08:09:11+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=6d618c1b8b64cf285aa6878c9b0fd61a7c7757cf'/>
<id>urn:sha1:6d618c1b8b64cf285aa6878c9b0fd61a7c7757cf</id>
<content type='text'>
Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7,
2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding
specially crafted input to `git apply --reject`, a path outside the working
tree can be overwritten with partially controlled contents (corresponding to
the rejected hunk(s) from the given patch). A fix is available in versions
2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3,
and 2.40.1. As a workaround, avoid using `git apply` with `--reject` when applying
patches from an untrusted source. Use `git apply --stat` to inspect a patch before
applying; avoid applying one that create a conflict where a link corresponding to
the `*.rej` file exists.

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-25652

Upstream patches:
https://github.com/git/git/commit/9db05711c98efc14f414d4c87135a34c13586e0b

(From OE-Core rev: 335ad8a6d795cd94b872370e44a033ce3fbf4890)

Signed-off-by: Archana Polampalli &lt;archana.polampalli@windriver.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>git: fix CVE-2023-29007</title>
<updated>2023-05-12T14:04:52+00:00</updated>
<author>
<name>Archana Polampalli</name>
<email>archana.polampalli@windriver.com</email>
</author>
<published>2023-05-07T08:08:46+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=04316b4f470e28cdb47f49e84e5f9848ccb5368c'/>
<id>urn:sha1:04316b4f470e28cdb47f49e84e5f9848ccb5368c</id>
<content type='text'>
Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8,
2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted
`.gitmodules` file with submodule URLs that are longer than 1024 characters can used
to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug
can be used to inject arbitrary configuration into a user's `$GIT_DIR/config` when
attempting to remove the configuration section associated with that submodule. When the
attacker injects configuration values which specify executables to run (such as
`core.pager`, `core.editor`, `core.sshCommand`, etc.) this can lead to a remote code
execution. A fix A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8,
2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid running
`git submodule deinit` on untrusted repositories or without prior inspection of any
submodule sections in `$GIT_DIR/config`.

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-29007

Upstream patches:
https://github.com/git/git/commit/528290f8c61222433a8cf02fb7cfffa8438432b4
https://github.com/git/git/commit/29198213c9163c1d552ee2bdbf78d2b09ccc98b8
https://github.com/git/git/commit/a5bb10fd5e74101e7c07da93e7c32bbe60f6173a
https://github.com/git/git/commit/e91cfe6085c4a61372d1f800b473b73b8d225d0d
https://github.com/git/git/commit/3bb3d6bac5f2b496dfa2862dc1a84cbfa9b4449a

(From OE-Core rev: 1b55343b6346437b80b8a8180ae1bc9f480d92ef)

Signed-off-by: Archana Polampalli &lt;archana.polampalli@windriver.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>git: ignore CVE-2023-22743</title>
<updated>2023-03-28T21:31:53+00:00</updated>
<author>
<name>Chee Yang Lee</name>
<email>chee.yang.lee@intel.com</email>
</author>
<published>2023-03-18T11:58:57+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=343ed537c3ae1e740b9e2a8fa3b3a210ade5dccf'/>
<id>urn:sha1:343ed537c3ae1e740b9e2a8fa3b3a210ade5dccf</id>
<content type='text'>
(From OE-Core rev: 8a8a86076f9eed36b7f4c831ad8882d07de62e8e)

Signed-off-by: Chee Yang Lee &lt;chee.yang.lee@intel.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
(cherry picked from commit 70adf86b515934168a6185dcff4a8edb39a40017)
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>git: upgrade 2.35.6 -&gt; 2.35.7</title>
<updated>2023-02-24T16:41:46+00:00</updated>
<author>
<name>Sakib Sajal</name>
<email>sakib.sajal@windriver.com</email>
</author>
<published>2023-02-15T21:42:31+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=cd38b687c4a7a25fc3f7f6086e36f1ec3a2bcc3d'/>
<id>urn:sha1:cd38b687c4a7a25fc3f7f6086e36f1ec3a2bcc3d</id>
<content type='text'>
Upgrade git to latest 2.37.x release to address
security issues CVE-2022-23521 and CVE-2022-41903.

(From OE-Core rev: 0e7de5066491bc9b860ad4d65965d6f848898aff)

Signed-off-by: Sakib Sajal &lt;sakib.sajal@windriver.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
</feed>
