Changes since Git for Windows v2.39.1 (January 17th 2023)
This is a security release, addressing CVE-2023-22490, CVE-2023-22743, CVE-2023-23618 and CVE-2023-23946.
New Features
- Comes with Git v2.39.2.
Bug Fixes
- Addresses CVE-2023-22743, a vulnerability rated "high" making the Git for Windows' installer susceptible to DLL side-loading attacks.
- Addresses CVE-2023-23618, a vulnerability rated "high" where
gitk
would inadvertently execute programs placed in the worktree. - Addresses CVE-2023-22490, a moderate vulnerability allowing for data exfiltration in local clones.
- Addresses CVE-2023-23946, a moderate vulnerability that would allow crafted patches to trick
git apply
into writing into files outside the current directory.
Filename | SHA-256 |
---|---|
Git-2.39.2-64-bit.exe | d7608fbd854b3689102ff48b03c8cc77b35138f9f7350d134306da0ba5751464 |
Git-2.39.2-32-bit.exe | addf55b0a57f38a7950b3ad37ce5c76752202e6818d9f8995b477496b71fb757 |
PortableGit-2.39.2-64-bit.7z.exe | 20e3959d4e310a79b5cf4138797aa247d473d1f7b077a6c433cbfc4ddc5486f1 |
PortableGit-2.39.2-32-bit.7z.exe | 84ea6be01df896f6d50192ba4cda85c38ab995154f7aa9d3849492a15f21b500 |
MinGit-2.39.2-64-bit.zip | a53b90a42d9a5e3ac992f525b5805c4dbb8a013b09a32edfdcf9a551fd8cfe2d |
MinGit-2.39.2-32-bit.zip | f2027f51f8b12e5bd3c94782edddcfe277e26a3fc7c014707a72b04714f3b90f |
MinGit-2.39.2-busybox-64-bit.zip | ee36c33719ad2f4b23f00e40469045ac4d3ad30e4321fe6d2adbcf3176b747b2 |
MinGit-2.39.2-busybox-32-bit.zip | c6c0b7fd055a968bb89bff1af6d8cad846f996664ef2aa1b5fdbab6b77c77679 |
Git-2.39.2-64-bit.tar.bz2 | 14012aba35914970ace948a11b8749847f0e180d4e47eaa72dd091d56dbc7586 |
Git-2.39.2-32-bit.tar.bz2 | fc0a304f933a7690e45187261ae9132d6586a62a79f540234ce836c000df3f56 |