git-2.35.3-1.fc35

Read Time:50 Second

FEDORA-2022-3759ebabd2

Packages in this update:

git-2.35.3-1.fc35

Update description:

Update to 2.35.3 (release notes)

This release addresses CVE-2022-24765. Per the release announcement:

On multi-user machines, Git users might find themselves unexpectedly in a Git worktree, e.g. when another user created a repository in C:.git, in a mounted network drive or in a scratch space. Merely having a Git-aware prompt that runs git status (or git diff) and navigating to a directory which is supposedly not a Git worktree, or opening such a directory in an editor or IDE such as VS Code or Atom, will potentially run commands defined by that other user.

A broad “escape hatch” is available in cases where all the repositories you may enter are considered safe, regardless of their ownership. Quoting another release announcement:

* can be used as the value for the safe.directory variable to signal that the user considers that any directory is safe.

Read More