[ANNOUNCE] Git for Windows 2.39.2

git@vger.kernel.org mailing list mirror (one of many)
 help / color / mirror / code / Atom feed

* [ANNOUNCE] Git for Windows 2.39.2
@ 2023-02-14 18:14 Johannes Schindelin
  0 siblings, 0 replies; only message in thread
From: Johannes Schindelin @ 2023-02-14 18:14 UTC (permalink / raw)
  To: git-for-windows, git, git-packagers; +Cc: Johannes Schindelin

Dear Git users,

I hereby announce that Git for Windows 2.39.2 is available from:

    https://gitforwindows.org/

Changes since Git for Windows v2.39.1 (January 17th 2023)

This is a security release, addressing CVE-2023-22490, CVE-2023-22743,
CVE-2023-23618 and CVE-2023-23946.

New Features

  * Comes with Git v2.39.2.

Bug Fixes

  * Addresses CVE-2023-22743, a vulnerability rated "high" making the
    Git for Windows' installer susceptible to DLL side-loading attacks.
  * Addresses CVE-2023-23618, a vulnerability rated "high" where gitk
    would inadvertently execute programs placed in the worktree.
  * Addresses CVE-2023-22490, a moderate vulnerability allowing for
    data exfiltration in local clones.
  * Addresses CVE-2023-23946, a moderate vulnerability that would allow
    crafted patches to trick git apply into writing into files outside
    the current directory.

Git-2.39.2-64-bit.exe | d7608fbd854b3689102ff48b03c8cc77b35138f9f7350d134306da0ba5751464
Git-2.39.2-32-bit.exe | addf55b0a57f38a7950b3ad37ce5c76752202e6818d9f8995b477496b71fb757
PortableGit-2.39.2-64-bit.7z.exe | 20e3959d4e310a79b5cf4138797aa247d473d1f7b077a6c433cbfc4ddc5486f1
PortableGit-2.39.2-32-bit.7z.exe | 84ea6be01df896f6d50192ba4cda85c38ab995154f7aa9d3849492a15f21b500
MinGit-2.39.2-64-bit.zip | a53b90a42d9a5e3ac992f525b5805c4dbb8a013b09a32edfdcf9a551fd8cfe2d
MinGit-2.39.2-32-bit.zip | f2027f51f8b12e5bd3c94782edddcfe277e26a3fc7c014707a72b04714f3b90f
MinGit-2.39.2-busybox-64-bit.zip | ee36c33719ad2f4b23f00e40469045ac4d3ad30e4321fe6d2adbcf3176b747b2
MinGit-2.39.2-busybox-32-bit.zip | c6c0b7fd055a968bb89bff1af6d8cad846f996664ef2aa1b5fdbab6b77c77679
Git-2.39.2-64-bit.tar.bz2 | 14012aba35914970ace948a11b8749847f0e180d4e47eaa72dd091d56dbc7586
Git-2.39.2-32-bit.tar.bz2 | fc0a304f933a7690e45187261ae9132d6586a62a79f540234ce836c000df3f56

Ciao,
Johannes

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2023-02-14 18:15 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-02-14 18:14 [ANNOUNCE] Git for Windows 2.39.2 Johannes Schindelin

Code repositories for project(s) associated with this public inbox

	https://80x24.org/mirrors/git.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).