[Buildroot] [git commit branch/2024.02.x] package/git: security bump to version 2.43.6
Peter Korsgaard
peter at korsgaard.com
Wed Jan 22 16:32:11 UTC 2025
commit: https://git.buildroot.net/buildroot/commit/?id=954711047fc45dc61f1a05a67c282a228ebb296f
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2024.02.x
Fixes the following vulnerabilities:

- CVE-2024-50349:
  Printing unsanitized URLs when asking for credentials made the
  user susceptible to crafted URLs (e.g. in recursive clones) that
  mislead the user into typing in passwords for trusted sites that
  would then be sent to untrusted sites instead.

- CVE-2024-52006:
  Git may pass on Carriage Returns via the credential protocol to
  credential helpers which use line-reading functions that
  interpret said Carriage Returns as line endings, even though Git
  did not intend that.

For more details, see the announcement:
https://lore.kernel.org/git/xmqq5xmh46oc.fsf@gitster.g/

Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
---
package/git/git.hash | 2 +-
package/git/git.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/git/git.hash b/package/git/git.hash
index 9b8c8eeceb..1560b599d9 100644
--- a/package/git/git.hash
+++ b/package/git/git.hash
@@ -1,5 +1,5 @@
# From: https://www.kernel.org/pub/software/scm/git/sha256sums.asc
-sha256 8b7cc3db84c5c6a2eeb39c63686ff5cde26278e32bb0d2226a8b424488420b98 git-2.43.5.tar.xz
+sha256 25f329439ebcc8a6fe160a5600499f6a179c784d8efa4d50d54e5d77a4d13a62 git-2.43.6.tar.xz
# Locally calculated
sha256 5b2198d1645f767585e8a88ac0499b04472164c0d2da22e75ecf97ef443ab32e COPYING
sha256 1922f45d2c49e390032c9c0ba6d7cac904087f7cec51af30c2b2ad022ce0e76a LGPL-2.1
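Review bot: the `+sha256` line for git-2.43.6.tar.xz relies on the provenance comment at the top of this hunk, which points at sha256sums.asc. The commit message should state that the signature on that file was verified before the hash was copied, since this line is what the build trusts for a security release. The COPYING and LGPL-2.1 hashes are unchanged context, which is consistent with no licence update being needed.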
diff --git a/package/git/git.mk b/package/git/git.mk
index 01933a96b2..56c994e3a8 100644
--- a/package/git/git.mk
+++ b/package/git/git.mk
@@ -4,7 +4,7 @@
#
################################################################################
-GIT_VERSION = 2.43.5
+GIT_VERSION = 2.43.6
GIT_SOURCE = git-$(GIT_VERSION).tar.xz
GIT_SITE = $(BR2_KERNEL_MIRROR)/software/scm/git
GIT_LICENSE = GPL-2.0, LGPL-2.1+
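Review bot: on the `GIT_VERSION = 2.43.6` line, the commit message lists the two CVEs fixed but does not say whether 2.43.6 carries anything beyond them. For a bump on the 2024.02.x branch, a sentence confirming that it is a fix-only maintenance release would help. The version here matches the git-2.43.6.tar.xz name added in git.hash, which matters because GIT_SOURCE is derived from $(GIT_VERSION).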