diff options
| author | Praveen Kumar <praveen.kumar@windriver.com> | 2025-09-01 12:58:38 +0530 |
|---|---|---|
| committer | Steve Sakoman <steve@sakoman.com> | 2025-09-08 08:27:11 -0700 |
| commit | e271e3cf365c081c5df80c16e1ea3d8bd5a99a6a (patch) | |
| tree | 6ea5d0ce8a697141b8f131d061f56558508e01f9 /meta/recipes-support/vim/files/no-path-adjust.patch | |
| parent | 7e420c5834bcde13ed28f84f2cec8c77b9d6b684 (diff) | |
| download | poky-e271e3cf365c081c5df80c16e1ea3d8bd5a99a6a.tar.gz | |
git: fix CVE-2025-48384
Git is a fast, scalable, distributed revision control system with an
unusually rich command set that provides both high-level operations
and full access to internals. When reading a config value, Git strips
any trailing carriage return and line feed (CRLF). When writing a
config entry, values with a trailing CR are not quoted, causing the CR
to be lost when the config is later read. When initializing a
submodule, if the submodule path contains a trailing CR, the altered
path is read resulting in the submodule being checked out to an
incorrect location. If a symlink exists that points the altered path
to the submodule hooks directory, and the submodule contains an
executable post-checkout hook, the script may be unintentionally
executed after checkout. This vulnerability is fixed in v2.43.7,
v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-48384
Upstream-patch:
https://github.com/git/git/commit/05e9cd64ee23bbadcea6bcffd6660ed02b8eab89
(From OE-Core rev: 34cb9674a5ce337a75af0dc415706d0323c427a6)
Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta/recipes-support/vim/files/no-path-adjust.patch')
0 files changed, 0 insertions, 0 deletions