Makefile: update Git versions (ea6a3464) · Commits · gitlab-org / Gitaly · JiHu GitLab

Snippets Groups Projects

Commit ea6a3464 authored 1 year ago by

Patrick Steinhardt

Makefile: update Git versions

Update Git versions to address several CVEs:

  - CVE-2024-32002, which can lead to arbitrary code execution on
    case-insensitive filesystems when doing recursive clones.

  - CVE-2024-32004, which can lead to arbitrary code execution when
    doing a local partial clones via the filesystem.

  - CVE-2024-32021, which allows an adversary to rewrite files in a
    cloned repository when using local clones with hardlinks.

  - CVE-2024-32021, which can lead to linking to arbitrary files
    accessible to the user when doing local clones via a TOCTOU style
    race.

  - CVE-2024-32465, which can lead to executing arbitrary commands when
    cloning an untrusted local repository.

None of these issues were found to impact Gitaly, but upgrading is the
right thing to do regardless.

parent 76ba963e

No related merge requests found

Hide whitespace changes

Inline Side-by-side

Showing with 3 additions and 3 deletions

Administrator @root
mentioned in commit 5225a611
· 1 year ago

mentioned in commit 5225a611

mentioned in commit 5225a6111d813a377966ca1c7ca6001cc9b9c9dc

Toggle commit list

Please register or to comment