Security
Security
Multiple vulnerabilities have been found in Git which might all allow attackers to access sensitive information.
| Package | dev-vcs/git on all architectures |
|---|---|
| Affected versions | < 2.26.2 |
| Unaffected versions | revision >= 2.23.3 revision >= 2.24.3 revision >= 2.25.4 revision >= 2.26.2 |
Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency.
Multiple vulnerabilities have been discovered in Git. Please review the CVE identifiers referenced below for details.
A remote attacker, by providing a specially crafted URL, could possibly trick Git into returning credential information for a wrong host.
Disabling credential helpers will prevent this vulnerability.
All Git 2.23.x users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-vcs/git-2.23.3"
All Git 2.24.x users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-vcs/git-2.24.3"
All Git 2.25.x users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-vcs/git-2.25.4"
All Git 2.26.x users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-vcs/git-2.26.2"