diff options
| author | Hitendra Prajapati <hprajapati@mvista.com> | 2023-05-15 17:21:06 +0530 |
|---|---|---|
| committer | Steve Sakoman <steve@sakoman.com> | 2023-05-25 05:49:25 -1000 |
| commit | 967c2d41452ccb42fe832837bc96c2719328ec9f (patch) | |
| tree | b1138f31249a0047e1f7bef99821aa508c7b25c7 /meta/recipes-devtools/git/git.inc | |
| parent | a540df3791eab49bbe3a2eee2647606f0b115039 (diff) | |
| download | poky-967c2d41452ccb42fe832837bc96c2719328ec9f.tar.gz | |
git: fix CVE-2023-29007
Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8,
2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted
`.gitmodules` file with submodule URLs that are longer than 1024 characters can used
to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug
can be used to inject arbitrary configuration into a user's `$GIT_DIR/config` when
attempting to remove the configuration section associated with that submodule. When the
attacker injects configuration values which specify executables to run (such as
`core.pager`, `core.editor`, `core.sshCommand`, etc.) this can lead to a remote code
execution. A fix A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8,
2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid running
`git submodule deinit` on untrusted repositories or without prior inspection of any
submodule sections in `$GIT_DIR/config`.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-29007
Upstream patches:
https://github.com/git/git/commit/528290f8c61222433a8cf02fb7cfffa8438432b4
https://github.com/git/git/commit/29198213c9163c1d552ee2bdbf78d2b09ccc98b8
https://github.com/git/git/commit/a5bb10fd5e74101e7c07da93e7c32bbe60f6173a
https://github.com/git/git/commit/e91cfe6085c4a61372d1f800b473b73b8d225d0d
https://github.com/git/git/commit/3bb3d6bac5f2b496dfa2862dc1a84cbfa9b4449a
(From OE-Core rev: db4c152441aebe4c04a7bb7aceb88d8941a6576b)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta/recipes-devtools/git/git.inc')
| -rw-r--r-- | meta/recipes-devtools/git/git.inc | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-devtools/git/git.inc b/meta/recipes-devtools/git/git.inc index 36318eed20..8b864053eb 100644 --- a/meta/recipes-devtools/git/git.inc +++ b/meta/recipes-devtools/git/git.inc | |||
| @@ -28,6 +28,7 @@ SRC_URI = "${KERNELORG_MIRROR}/software/scm/git/git-${PV}.tar.gz;name=tarball \ | |||
| 28 | file://CVE-2023-22490-2.patch \ | 28 | file://CVE-2023-22490-2.patch \ |
| 29 | file://CVE-2023-22490-3.patch \ | 29 | file://CVE-2023-22490-3.patch \ |
| 30 | file://CVE-2023-23946.patch \ | 30 | file://CVE-2023-23946.patch \ |
| 31 | file://CVE-2023-29007.patch \ | ||
| 31 | " | 32 | " |
| 32 | S = "${WORKDIR}/git-${PV}" | 33 | S = "${WORKDIR}/git-${PV}" |
| 33 | 34 | ||
