ALAS2022-2022-118

A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This issue allows the owner of the repository to cause arbitrary commands to be executed by other users who access the repository. (CVE-2022-29187)

aarch64:
    git-debuginfo-2.37.1-1.amzn2022.0.1.aarch64
    git-core-debuginfo-2.37.1-1.amzn2022.0.1.aarch64
    git-daemon-debuginfo-2.37.1-1.amzn2022.0.1.aarch64
    git-daemon-2.37.1-1.amzn2022.0.1.aarch64
    git-subtree-2.37.1-1.amzn2022.0.1.aarch64
    git-credential-libsecret-2.37.1-1.amzn2022.0.1.aarch64
    git-core-2.37.1-1.amzn2022.0.1.aarch64
    git-debugsource-2.37.1-1.amzn2022.0.1.aarch64
    git-credential-libsecret-debuginfo-2.37.1-1.amzn2022.0.1.aarch64
    git-2.37.1-1.amzn2022.0.1.aarch64

noarch:
    perl-Git-2.37.1-1.amzn2022.0.1.noarch
    git-gui-2.37.1-1.amzn2022.0.1.noarch
    git-svn-2.37.1-1.amzn2022.0.1.noarch
    git-email-2.37.1-1.amzn2022.0.1.noarch
    gitweb-2.37.1-1.amzn2022.0.1.noarch
    gitk-2.37.1-1.amzn2022.0.1.noarch
    git-instaweb-2.37.1-1.amzn2022.0.1.noarch
    git-cvs-2.37.1-1.amzn2022.0.1.noarch
    git-all-2.37.1-1.amzn2022.0.1.noarch
    git-p4-2.37.1-1.amzn2022.0.1.noarch
    git-core-doc-2.37.1-1.amzn2022.0.1.noarch
    perl-Git-SVN-2.37.1-1.amzn2022.0.1.noarch

src:
    git-2.37.1-1.amzn2022.0.1.src

x86_64:
    git-core-debuginfo-2.37.1-1.amzn2022.0.1.x86_64
    git-credential-libsecret-2.37.1-1.amzn2022.0.1.x86_64
    git-debuginfo-2.37.1-1.amzn2022.0.1.x86_64
    git-daemon-2.37.1-1.amzn2022.0.1.x86_64
    git-core-2.37.1-1.amzn2022.0.1.x86_64
    git-2.37.1-1.amzn2022.0.1.x86_64
    git-credential-libsecret-debuginfo-2.37.1-1.amzn2022.0.1.x86_64
    git-subtree-2.37.1-1.amzn2022.0.1.x86_64
    git-debugsource-2.37.1-1.amzn2022.0.1.x86_64
    git-daemon-debuginfo-2.37.1-1.amzn2022.0.1.x86_64