diff options
| author | Hitendra Prajapati <hprajapati@mvista.com> | 2023-05-17 12:44:37 +0530 |
|---|---|---|
| committer | Steve Sakoman <steve@sakoman.com> | 2023-05-25 05:49:26 -1000 |
| commit | 1824a583fa72cd1debe39cc0cf352171b3a795a3 (patch) | |
| tree | 1f1f197c88d902d7cf748c05ab1b5c53f73c9015 /meta/recipes-devtools/git/git.inc | |
| parent | 967c2d41452ccb42fe832837bc96c2719328ec9f (diff) | |
| download | poky-1824a583fa72cd1debe39cc0cf352171b3a795a3.tar.gz | |
git: fix CVE-2023-25652
Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7,
2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding
specially crafted input to `git apply --reject`, a path outside the working
tree can be overwritten with partially controlled contents (corresponding to
the rejected hunk(s) from the given patch). A fix is available in versions
2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3,
and 2.40.1. As a workaround, avoid using `git apply` with `--reject` when applying
patches from an untrusted source. Use `git apply --stat` to inspect a patch before
applying; avoid applying one that create a conflict where a link corresponding to
the `*.rej` file exists.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-25652
Upstream-Status: Backport from https://github.com/git/git/commit/9db05711c98efc14f414d4c87135a34c13586e0b
(From OE-Core rev: 6747482316b8f7839a09bf041d8c11b559f84b44)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta/recipes-devtools/git/git.inc')
| -rw-r--r-- | meta/recipes-devtools/git/git.inc | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-devtools/git/git.inc b/meta/recipes-devtools/git/git.inc index 8b864053eb..e64472ea28 100644 --- a/meta/recipes-devtools/git/git.inc +++ b/meta/recipes-devtools/git/git.inc | |||
| @@ -29,6 +29,7 @@ SRC_URI = "${KERNELORG_MIRROR}/software/scm/git/git-${PV}.tar.gz;name=tarball \ | |||
| 29 | file://CVE-2023-22490-3.patch \ | 29 | file://CVE-2023-22490-3.patch \ |
| 30 | file://CVE-2023-23946.patch \ | 30 | file://CVE-2023-23946.patch \ |
| 31 | file://CVE-2023-29007.patch \ | 31 | file://CVE-2023-29007.patch \ |
| 32 | file://CVE-2023-25652.patch \ | ||
| 32 | " | 33 | " |
| 33 | S = "${WORKDIR}/git-${PV}" | 34 | S = "${WORKDIR}/git-${PV}" |
| 34 | 35 | ||
