[ANNOUNCE] Git for Windows 2.47.1(2) (security release)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Dear Git users,

I hereby announce that Git for Windows 2.47.1(2), a security release, is
available from:

    https://github.com/git-for-windows/git/releases/tag/v2.47.1.windows.2

Changes since Git for Windows v2.47.1 (November 25th 2024)

New Features

- Comes with Git Credential Manager v2.6.1, addressing CVE-2024-50338.

- Comes with Git LFS v3.6.1, addressing CVE-2024-53263.

Bug Fixes

- CVE-2024-50338: Git Credential Manager can be tricked to exfiltrate
  credentials for a trusted site to an untrusted site. Since the URLs needed
  for such an attack look suspicious, this usually requires a recursive clone
  or fetch.

- CVE-2024-53263: In conjunction with CVE-2024-52006, Git LFS can be tricked to
  exfiltrate credentials for a trusted site to an untrusted site.

- CVE-2024-50349: When prompting the user for a password in the terminal, Git
  does not neutralize control characters.

- CVE-2024-52005: The sideband channel does not neutralize control characters.

- CVE-2024-52006: Similar to CVE-2020-5260, affecting credential helpers that
  interpret Carriage Returns as newlines.

Filename | SHA-256
-------- | -------
Git-2.47.1.2-64-bit.exe | 5f2350757f9781125cd660478b31c37698d9662aed25b4b02e92da393289564c
Git-2.47.1.2-32-bit.exe | 4e6d9f309f4f877a779aee9e80fc1ef5d6f03aa79d5eb4cac103d39f02ece1e9
PortableGit-2.47.1.2-64-bit.7z.exe | d73f0c1a42afbabe43862bd5abf5a646798125bc33cc02b7da7bbaeddae948f0
PortableGit-2.47.1.2-32-bit.7z.exe | b1b1715676b1aaf0cdffe7287c70c37a94408fd872d538f4b00834d278a9e02f
MinGit-2.47.1.2-64-bit.zip | 5bafb35dfb249b89d726b37824eeb5022379f0e51f5fbf9c29f49bef57e85b42
MinGit-2.47.1.2-32-bit.zip | adae5363e224be913af65b3b8c454463e220dd12c811bf5f298952ba4106589a
MinGit-2.47.1.2-busybox-64-bit.zip | e27f8fda56942a1c57911dfb2ad71ca7a6d227db733c921216402eb5d10da41d
MinGit-2.47.1.2-busybox-32-bit.zip | 00269b04f0b61572b2fc4e20220ff74496b44c5ec23f2753ac7de0867419fdb8
Git-2.47.1.2-64-bit.tar.bz2 | ee718e13e1f6c772ab918c0c8897c4d73c792d00bc6e3de3cf1092504b737b7d
Git-2.47.1.2-32-bit.tar.bz2 | 7ad65961762bf328574ab73d5b0442beb1e9bee81d73cfed6429ff927057e27c
Git-2.47.1.2-arm64.tar.bz2 | 8b3c4548346d7af2ee9e4e835e8baaea2bde2bca3d2df123a69e7b76ae7b8483
Git-2.47.1.2-arm64.exe | a6f68a3e74349e71ed0030fad7bad87806093a4063b3b1fe2a2c0be233201ce4
MinGit-2.47.1.2-arm64.zip | c74dd8e25b2337bbef059440966ba7bf96da4b4a8bc9bf9c759a2bc5a868da2b
PortableGit-2.47.1.2-arm64.7z.exe | 6f554b6f0fb9e76448f42c2b0dd9c4c59f0a1d0df0c38c1a9029ebd9c49532b5

Ciao,
Johannes
[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]

  Powered by Linux