[ANNOUNCE] Git for Windows 2.39.2
65 views
Skip to first unread message
Johannes Schindelin
Feb 14, 2023, 1:14:50 PM2/14/23
to git-for...@googlegroups.com, g...@vger.kernel.org, git-pa...@googlegroups.com, Johannes Schindelin
Dear Git users,
I hereby announce that Git for Windows 2.39.2 is available from:
https://gitforwindows.org/
Changes since Git for Windows v2.39.1 (January 17th 2023)
This is a security release, addressing CVE-2023-22490, CVE-2023-22743,
CVE-2023-23618 and CVE-2023-23946.
New Features
* Comes with Git v2.39.2.
Bug Fixes
* Addresses CVE-2023-22743, a vulnerability rated "high" making the
Git for Windows' installer susceptible to DLL side-loading attacks.
* Addresses CVE-2023-23618, a vulnerability rated "high" where gitk
would inadvertently execute programs placed in the worktree.
* Addresses CVE-2023-22490, a moderate vulnerability allowing for
data exfiltration in local clones.
* Addresses CVE-2023-23946, a moderate vulnerability that would allow
crafted patches to trick git apply into writing into files outside
the current directory.
Git-2.39.2-64-bit.exe | d7608fbd854b3689102ff48b03c8cc77b35138f9f7350d134306da0ba5751464
Git-2.39.2-32-bit.exe | addf55b0a57f38a7950b3ad37ce5c76752202e6818d9f8995b477496b71fb757
PortableGit-2.39.2-64-bit.7z.exe | 20e3959d4e310a79b5cf4138797aa247d473d1f7b077a6c433cbfc4ddc5486f1
PortableGit-2.39.2-32-bit.7z.exe | 84ea6be01df896f6d50192ba4cda85c38ab995154f7aa9d3849492a15f21b500
MinGit-2.39.2-64-bit.zip | a53b90a42d9a5e3ac992f525b5805c4dbb8a013b09a32edfdcf9a551fd8cfe2d
MinGit-2.39.2-32-bit.zip | f2027f51f8b12e5bd3c94782edddcfe277e26a3fc7c014707a72b04714f3b90f
MinGit-2.39.2-busybox-64-bit.zip | ee36c33719ad2f4b23f00e40469045ac4d3ad30e4321fe6d2adbcf3176b747b2
MinGit-2.39.2-busybox-32-bit.zip | c6c0b7fd055a968bb89bff1af6d8cad846f996664ef2aa1b5fdbab6b77c77679
Git-2.39.2-64-bit.tar.bz2 | 14012aba35914970ace948a11b8749847f0e180d4e47eaa72dd091d56dbc7586
Git-2.39.2-32-bit.tar.bz2 | fc0a304f933a7690e45187261ae9132d6586a62a79f540234ce836c000df3f56
Ciao,
Johannes
I hereby announce that Git for Windows 2.39.2 is available from:
https://gitforwindows.org/
Changes since Git for Windows v2.39.1 (January 17th 2023)
This is a security release, addressing CVE-2023-22490, CVE-2023-22743,
CVE-2023-23618 and CVE-2023-23946.
New Features
* Comes with Git v2.39.2.
Bug Fixes
* Addresses CVE-2023-22743, a vulnerability rated "high" making the
Git for Windows' installer susceptible to DLL side-loading attacks.
* Addresses CVE-2023-23618, a vulnerability rated "high" where gitk
would inadvertently execute programs placed in the worktree.
* Addresses CVE-2023-22490, a moderate vulnerability allowing for
data exfiltration in local clones.
* Addresses CVE-2023-23946, a moderate vulnerability that would allow
crafted patches to trick git apply into writing into files outside
the current directory.
Git-2.39.2-64-bit.exe | d7608fbd854b3689102ff48b03c8cc77b35138f9f7350d134306da0ba5751464
Git-2.39.2-32-bit.exe | addf55b0a57f38a7950b3ad37ce5c76752202e6818d9f8995b477496b71fb757
PortableGit-2.39.2-64-bit.7z.exe | 20e3959d4e310a79b5cf4138797aa247d473d1f7b077a6c433cbfc4ddc5486f1
PortableGit-2.39.2-32-bit.7z.exe | 84ea6be01df896f6d50192ba4cda85c38ab995154f7aa9d3849492a15f21b500
MinGit-2.39.2-64-bit.zip | a53b90a42d9a5e3ac992f525b5805c4dbb8a013b09a32edfdcf9a551fd8cfe2d
MinGit-2.39.2-32-bit.zip | f2027f51f8b12e5bd3c94782edddcfe277e26a3fc7c014707a72b04714f3b90f
MinGit-2.39.2-busybox-64-bit.zip | ee36c33719ad2f4b23f00e40469045ac4d3ad30e4321fe6d2adbcf3176b747b2
MinGit-2.39.2-busybox-32-bit.zip | c6c0b7fd055a968bb89bff1af6d8cad846f996664ef2aa1b5fdbab6b77c77679
Git-2.39.2-64-bit.tar.bz2 | 14012aba35914970ace948a11b8749847f0e180d4e47eaa72dd091d56dbc7586
Git-2.39.2-32-bit.tar.bz2 | fc0a304f933a7690e45187261ae9132d6586a62a79f540234ce836c000df3f56
Ciao,
Johannes
Reply all
Reply to author
Forward
0 new messages