Announced on lkml among other places
Today, the Git project is releasing the following Git versions:
v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6
These releases fix various security flaws, which allowed an attacker to overwrite arbitrary paths, remotely execute code, and/or overwrite files in the .git/ directory etc. See the release notes attached for the list for their descriptions and CVE identifiers.
Users of the affected maintenance tracks are urged to upgrade.
These flaws were discovered and reported by Joern Schneeweisz of GitLab and by Microsoft Security Response Center (and in particular Nicolas Joly), and were fixed by Johannes Schindelin, Jeff King, Garima Singh and Jonathan Nieder on the git-security mailing list. The release engineering and coordination was led by Johannes Schindelin.
Git v2.24.1 Release Notes
=========================
This release merges up the fixes that appear in v2.14.6, v2.15.4, v2.17.3, v2.20.2 and in v2.21.1, addressing the security issues CVE-2019-1348, CVE-2019-1349, CVE-2019-1350, CVE-2019-1351, CVE-2019-1352, CVE-2019-1353, CVE-2019-1354, CVE-2019-1387, and CVE-2019-19604; see the release notes for those versions for details.