MinGit for Windows 2.46.2(2)
mjcheetham
released this
14 Jan 18:14
·
4713 commits
to main
since this release
Changes since Git for Windows v2.46.2 (September 24th 2024)
New Features
- Comes with Git Credential Manager v2.6.1, addressing CVE-2024-50338.
Bug Fixes
- CVE-2024-50338: Git Credential Manager can be tricked to exfiltrate credentials for a trusted site to an untrusted site. Since the URLs needed for such an attack look suspicious, this usually requires a recursive clone or fetch.
- CVE-2024-50349: When prompting the user for a password in the terminal, Git does not neutralize control characters.
- CVE-2024-52005: The sideband channel does not neutralize control characters.
- CVE-2024-52006: Similar to CVE-2020-5260, affecting credential helpers that interpret Carriage Returns as newlines.
Filename | SHA-256 |
---|---|
MinGit-2.46.2.2-64-bit.zip | 9fa5d4c0858b92b14f424393d51eee1412e53c1eae2b689f56a5113c924d7087 |
MinGit-2.46.2.2-32-bit.zip | 950546c6069879a9a8c858c1c781790a356a6f8fec864cbc57383ad8b396f4a4 |
MinGit-2.46.2.2-busybox-64-bit.zip | 1bdfe5d96b7956175b5078c48039f6b49de30ce25a3f30151872ca02edf134b5 |
MinGit-2.46.2.2-busybox-32-bit.zip | 043b7bc72d79b151d4a17c0ae2323e39ba32d2b8ed38a66ddd0a81f6c01a56a0 |