Apparently the same thing as git's CVE-2022-29187. From changelog: * This provides compatibility with git's changes to address CVE 2022-29187. As a follow up to [CVE 2022-24765](https://github.blog/2022-04-12-git-security-vulnerability-announced/), now not only is the working directory of a non-bare repository examined for its ownership, but the `.git` directory and the `.git` file (if present) are also examined for their ownership. * A fix for compatibility with git's (new) behavior for CVE 2022-24765 allows users on POSIX systems to access a git repository that is owned by them when they are running in `sudo`. * A fix for further compatibility with git's (existing) behavior for CVE 2022-24765 allows users on Windows to access a git repository that is owned by the Administrator when running with escalated privileges (using `runas Administrator`).
cleanup done
Thanks!
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=1e10dddefba8566fa926c19fd2f97c893860b8ea commit 1e10dddefba8566fa926c19fd2f97c893860b8ea Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2024-01-14 09:13:55 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2024-01-14 09:14:51 +0000 [ GLSA 202401-17 ] libgit2: Privilege Escalation Vulnerability Bug: https://bugs.gentoo.org/857792 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202401-17.xml | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+)
