The code shack gave a hattip to 俞晨东 for finding the bug and Johannes Schindelin for working on a fix. git folder themselves and remove read/write access as workaround or "define or extend 'GIT_CEILING_DIRECTORIES' to cover the parent directory of the user profile," according to NIST. To deal with the issue, the Git team recommends an update. These include the latest maintenance release, 2.35.2, along with updates for older maintenance tracks (v2.30.3, v2.31.2, v2.32.1, v2.33.2, and v2.34.2. A variety of releases were emitted by the team. These need to be multi-user machines, likely running Windows (probably due to how the file system of the OS works.) Ultimately, it is an arbitrary code issue, if one that requires access to the disk to implement. After a hefty Patch Tuesday comes news of an update for Git to deal with a vulnerability for the source shack when run on Microsoft’s Windows. Not nice, but also very specific in terms of affected systems. The Git team was little blunter about the vulnerability, and warned that "Merely having a Git-aware prompt that runs 'git status' (or 'git diff') and navigating to a directory which is supposedly not a Git worktree, or opening such a directory in an editor or IDE such as VS Code or Atom, will potentially run commands defined by that other user."
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |