Bug 948111 (CVE-2024-50349, CVE-2024-52006) - <dev-vcs/git-2.45.3: Multiple vulnerabilities
Summary: <dev-vcs/git-2.45.3: Multiple vulnerabilities
Status: IN_PROGRESS
Alias: CVE-2024-50349, CVE-2024-52006
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://www.openwall.com/lists/oss-se...
Whiteboard: A3 [glsa?]
Keywords:
Depends on: 948375
Blocks:
Reported: 2025-01-14 18:27 UTC by Sam James
Modified: 2025-03-19 02:48 UTC

See Also:
Package list:
Runtime testing required: ---


Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2025-01-14 18:27:05 UTC
https://www.openwall.com/lists/oss-security/2025/01/14/4
"""
The Git project released new security bug-fix versions today, January
14th, 2025: v2.48.1, v2.47.1, v2.46.3, v2.45.3, v2.44.3, v2.43.6, v2.42.4,
v2.41.3, and v2.40.4.

The addressed issues are:

    - CVE-2024-50349:

      Printing unsanitized URLs when asking for credentials makes the user
      susceptible to crafted URLs (e.g. in recursive clones). These URLs
      can mislead the user into typing in passwords for trusted sites that
      would then be sent to untrusted sites instead.

      A potential scenario of how this can be exploited is a recursive
      clone where one of the submodules prompts for a password, pretending
      to ask for a different host than the password will be sent to.

    - CVE-2024-52006:

      Git may pass on Carriage Returns via the credential protocol to
      credential helpers which use line-reading functions that interpret
      Carriage Returns as line endings, even though this is not what was
      intended (but Git’s documentation did not clarify that "newline"
      meant "Line Feed character").

      This affected the popular .NET-based Git Credential Manager, which
      has been updated accordingly in coordination with the Git project.
"""
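
The line-ending mismatch described for CVE-2024-52006, shown from the credential helper's side. This is an added example, not part of the original report and not code from Git or any real credential helper. The function names, the sample bytes and the `.example` host names are constructed for illustration, and rejecting CR outright is one hardening choice assumed here.

```python
# Added example: how a credential helper reads the key=value lines Git sends.
# All names and the sample input are constructed for illustration.

class CredentialInputError(ValueError):
    """Raised when helper input violates the strict line format."""


def parse_lenient(data: bytes) -> dict:
    """Line reader that also breaks at CR, the behaviour the advisory describes."""
    attrs = {}
    # str.splitlines() treats \n, \r and \r\n (among others) as line endings.
    for line in data.decode("utf-8").splitlines():
        if not line:
            break  # a blank line terminates the attribute list
        key, sep, value = line.partition("=")
        if sep:
            attrs[key] = value  # a repeated key overwrites the earlier value
    return attrs


def parse_strict(data: bytes) -> dict:
    """Split on LF only and refuse CR or NUL anywhere in a line."""
    attrs = {}
    for raw in data.split(b"\n"):
        if raw == b"":
            break  # a blank line terminates the attribute list
        if b"\r" in raw or b"\x00" in raw:
            raise CredentialInputError("control character in credential line")
        key, sep, value = raw.partition(b"=")
        if not sep or not key:
            raise CredentialInputError("line is not key=value")
        attrs[key.decode("utf-8")] = value.decode("utf-8")
    return attrs


# Constructed input: a single LF-terminated "host" line whose value holds a CR.
SAMPLE = b"protocol=https\nhost=a.example\rhost=b.example\n\n"


def compare(data: bytes = SAMPLE):
    """Return (lenient result, strict result or the strict parser's error text)."""
    lenient = parse_lenient(data)
    try:
        strict = parse_strict(data)
    except CredentialInputError as exc:
        strict = str(exc)
    return lenient, strict
```

The lenient reader sees two `host` attributes where the sender wrote one line, so the sender and the helper can disagree about which host the credential belongs to; the strict reader refuses the input instead.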
Comment 1 Larry the Git Cow gentoo-dev 2025-01-18 23:24:41 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2a9686e606eb4463eaf83bf62c64f8ceb2bc241b

commit 2a9686e606eb4463eaf83bf62c64f8ceb2bc241b
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2025-01-18 23:23:24 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2025-01-18 23:24:22 +0000

    dev-vcs/git: add 2.48.1
    
    Bug: https://bugs.gentoo.org/948111
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-vcs/git/Manifest          |   3 +
 dev-vcs/git/git-2.48.1.ebuild | 475 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 478 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=141d7e6b19c3a740c7f2aaf9b20a8faa4b9c6d82

commit 141d7e6b19c3a740c7f2aaf9b20a8faa4b9c6d82
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2025-01-18 23:22:55 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2025-01-18 23:24:22 +0000

    dev-vcs/git: add 2.47.2
    
    Bug: https://bugs.gentoo.org/948111
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-vcs/git/Manifest          |   3 +
 dev-vcs/git/git-2.47.2.ebuild | 670 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 673 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e285ad30a3c9e8045f5079b1c41ceb0308526eaf

commit e285ad30a3c9e8045f5079b1c41ceb0308526eaf
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2025-01-18 23:22:20 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2025-01-18 23:24:21 +0000

    dev-vcs/git: add 2.46.3
    
    Bug: https://bugs.gentoo.org/948111
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-vcs/git/Manifest          |   3 +
 dev-vcs/git/git-2.46.3.ebuild | 667 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 670 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6a2e7ed57d85a547318cfeb94b0ab8a5e894ef6e

commit 6a2e7ed57d85a547318cfeb94b0ab8a5e894ef6e
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2025-01-18 23:21:41 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2025-01-18 23:24:21 +0000

    dev-vcs/git: add 2.45.3
    
    Bug: https://bugs.gentoo.org/948111
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-vcs/git/Manifest          |   3 +
 dev-vcs/git/git-2.45.3.ebuild | 650 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 653 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=82f868cd1b70f68d6cf39570f0e3ddb377a4add1

commit 82f868cd1b70f68d6cf39570f0e3ddb377a4add1
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2025-01-18 23:21:06 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2025-01-18 23:24:20 +0000

    dev-vcs/git: add 2.44.3
    
    Bug: https://bugs.gentoo.org/948111
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-vcs/git/Manifest          |   3 +
 dev-vcs/git/git-2.44.3.ebuild | 647 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 650 insertions(+)
Comment 2 Larry the Git Cow gentoo-dev 2025-01-18 23:27:16 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=102a563667d30dd09d73fdb74b7359a00b3ff810

commit 102a563667d30dd09d73fdb74b7359a00b3ff810
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2025-01-18 23:26:26 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2025-01-18 23:26:26 +0000

    dev-vcs/git: drop 2.48.0-r2
    
    Bug: https://bugs.gentoo.org/948111
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-vcs/git/Manifest             |   3 -
 dev-vcs/git/git-2.48.0-r2.ebuild | 475 ---------------------------------------
 2 files changed, 478 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8533eba8388cd17c8fd6bede8453cb7a3848fbbd

commit 8533eba8388cd17c8fd6bede8453cb7a3848fbbd
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2025-01-18 23:26:11 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2025-01-18 23:26:11 +0000

    dev-vcs/git: drop 2.47.1, 2.47.2
    
    Bug: https://bugs.gentoo.org/948111
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-vcs/git/Manifest          |   6 -
 dev-vcs/git/git-2.47.1.ebuild | 670 ------------------------------------------
 dev-vcs/git/git-2.47.2.ebuild | 670 ------------------------------------------
 3 files changed, 1346 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c3431813bc7c387b6bfdb6faa7bbdcfedc51f8cb

commit c3431813bc7c387b6bfdb6faa7bbdcfedc51f8cb
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2025-01-18 23:25:32 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2025-01-18 23:25:49 +0000

    dev-vcs/git: drop 2.46.2, 2.46.3
    
    Bug: https://bugs.gentoo.org/948111
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-vcs/git/Manifest          |   6 -
 dev-vcs/git/git-2.46.2.ebuild | 667 ------------------------------------------
 dev-vcs/git/git-2.46.3.ebuild | 667 ------------------------------------------
 3 files changed, 1340 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1eb942efbce02805ea72d0e794bd496cf0001830

commit 1eb942efbce02805ea72d0e794bd496cf0001830
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2025-01-18 23:25:18 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2025-01-18 23:25:46 +0000

    dev-vcs/git: drop 2.44.2, 2.44.3
    
    Bug: https://bugs.gentoo.org/948111
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-vcs/git/Manifest          |   6 -
 dev-vcs/git/git-2.44.2.ebuild | 647 ------------------------------------------
 dev-vcs/git/git-2.44.3.ebuild | 647 ------------------------------------------
 3 files changed, 1300 deletions(-)
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2025-01-18 23:27:50 UTC
I've cleaned up some older branches given they tend to linger on forever.
Comment 4 Larry the Git Cow gentoo-dev 2025-03-19 02:46:06 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ffaa04ee6af9581225ecaba60c688e7401a92fc6

commit ffaa04ee6af9581225ecaba60c688e7401a92fc6
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2025-03-19 02:45:11 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2025-03-19 02:45:11 +0000

    dev-vcs/git: drop 2.45.2
    
    Bug: https://bugs.gentoo.org/948111
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-vcs/git/Manifest          |   3 -
 dev-vcs/git/git-2.45.2.ebuild | 650 ------------------------------------------
 2 files changed, 653 deletions(-)