From: Junio C Hamano <gitster@pobox.com>
To: git@vger.kernel.org
Cc: Linux Kernel <linux-kernel@vger.kernel.org>,
git-packagers@googlegroups.com
Subject: [ANNOUNCE] Git v2.37.1 and others
Date: Tue, 12 Jul 2022 10:06:57 -0700 [thread overview]
Message-ID: <xmqqv8s2fefi.fsf@gitster.g> (raw)
Git v2.37.1, together with v2.30.5, v2.31.4, v2.32.3, v2.33.4,
v2.34.4, v2.35.4, and v2.36.2 for older maintenance tracks, are now
available at the usual places.
These are to address CVE-2022-29187, where the fixes in v2.36.1 and
below to address CVE-2022-24765 released earlier may not have been
complete.
The tarballs are found at:
https://www.kernel.org/pub/software/scm/git/
The following public repositories all have a copy of the 'v2.37.1'
tag and other tags for older maintenance tracks.
url = https://git.kernel.org/pub/scm/git/git
url = https://kernel.googlesource.com/pub/scm/git/git
url = git://repo.or.cz/alt-git.git
url = https://github.com/gitster/git
----------------------------------------------------------------
Git 2.37.1 Release Notes
========================
This release merges up the fixes that appear in v2.30.5, v2.31.4,
v2.32.3, v2.33.4, v2.34.4, v2.35.4, and v2.36.2 to address the
security issue CVE-2022-29187; see the release notes for these
versions for details.
Fixes since Git 2.37
--------------------
* Rewrite of "git add -i" in C that appeared in Git 2.25 didn't
correctly record a removed file to the index, which is an old
regression but has become widely known because the C version has
become the default in the latest release.
* Fix for CVE-2022-29187.
----------------------------------------------------------------
Git v2.30.5 Release Notes
=========================
This release contains minor fix-ups for the changes that went into
Git 2.30.3 and 2.30.4, addressing CVE-2022-29187.
* The safety check that verifies a safe ownership of the Git
worktree is now extended to also cover the ownership of the Git
directory (and the `.git` file, if there is any).
Carlo Marcelo Arenas Belón (1):
setup: tighten ownership checks post CVE-2022-24765
next reply other threads:[~2022-07-12 17:09 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-12 17:06 Junio C Hamano [this message]
2022-07-13 12:11 ` [Test Failures] Git v2.37.1 (was RE: [ANNOUNCE] Git v2.37.1 and others) rsbecker
2022-07-13 14:23 ` rsbecker
2022-07-14 2:10 ` rsbecker
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=xmqqv8s2fefi.fsf@gitster.g \
--to=gitster@pobox.com \
--cc=git-packagers@googlegroups.com \
--cc=git@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).