[ANNOUNCE] Git for Windows 2.39.2

Johannes Schindelin johannes.schindelin at gmx.de
Tue Feb 14 18:14:42 GMT 2023


Dear Git users,

I hereby announce that Git for Windows 2.39.2 is available from:

    https://gitforwindows.org/

Changes since Git for Windows v2.39.1 (January 17th 2023)

This is a security release, addressing CVE-2023-22490, CVE-2023-22743,
CVE-2023-23618 and CVE-2023-23946.

New Features

  * Comes with Git v2.39.2.

Bug Fixes

  * Addresses CVE-2023-22743, a vulnerability rated "high" making the
    Git for Windows' installer susceptible to DLL side-loading attacks.
  * Addresses CVE-2023-23618, a vulnerability rated "high" where gitk
    would inadvertently execute programs placed in the worktree.
  * Addresses CVE-2023-22490, a moderate vulnerability allowing for
    data exfiltration in local clones.
  * Addresses CVE-2023-23946, a moderate vulnerability that would allow
    crafted patches to trick git apply into writing into files outside
    the current directory.

Git-2.39.2-64-bit.exe | d7608fbd854b3689102ff48b03c8cc77b35138f9f7350d134306da0ba5751464
Git-2.39.2-32-bit.exe | addf55b0a57f38a7950b3ad37ce5c76752202e6818d9f8995b477496b71fb757
PortableGit-2.39.2-64-bit.7z.exe | 20e3959d4e310a79b5cf4138797aa247d473d1f7b077a6c433cbfc4ddc5486f1
PortableGit-2.39.2-32-bit.7z.exe | 84ea6be01df896f6d50192ba4cda85c38ab995154f7aa9d3849492a15f21b500
MinGit-2.39.2-64-bit.zip | a53b90a42d9a5e3ac992f525b5805c4dbb8a013b09a32edfdcf9a551fd8cfe2d
MinGit-2.39.2-32-bit.zip | f2027f51f8b12e5bd3c94782edddcfe277e26a3fc7c014707a72b04714f3b90f
MinGit-2.39.2-busybox-64-bit.zip | ee36c33719ad2f4b23f00e40469045ac4d3ad30e4321fe6d2adbcf3176b747b2
MinGit-2.39.2-busybox-32-bit.zip | c6c0b7fd055a968bb89bff1af6d8cad846f996664ef2aa1b5fdbab6b77c77679
Git-2.39.2-64-bit.tar.bz2 | 14012aba35914970ace948a11b8749847f0e180d4e47eaa72dd091d56dbc7586
Git-2.39.2-32-bit.tar.bz2 | fc0a304f933a7690e45187261ae9132d6586a62a79f540234ce836c000df3f56

Ciao,
Johannes


More information about the git-announce mailing list