SUSE alert SUSE-SU-2025:20721-1 (git)

From:
SLE-SECURITY-UPDATES <null@suse.de>
To:
sle-security-updates@lists.suse.com
Subject:
SUSE-SU-2025:20721-1: critical: Security update for git
Date:
Fri, 26 Sep 2025 16:40:33 -0000
Message-ID:
<175890483311.25554.11692259762497742738@smelt2.prg2.suse.org>

# Security update for git

Announcement ID: SUSE-SU-2025:20721-1
Release Date: 2025-09-22T08:52:53Z
Rating: critical
References:

* bsc#1212476
* bsc#1219660
* bsc#1235600
* bsc#1235601
* bsc#1239989
* bsc#1245938
* bsc#1245939
* bsc#1245942
* bsc#1245943
* bsc#1245946
* bsc#1245947

Cross-References:

* CVE-2024-24577
* CVE-2024-50349
* CVE-2024-52006
* CVE-2025-27613
* CVE-2025-27614
* CVE-2025-46334
* CVE-2025-46835
* CVE-2025-48384
* CVE-2025-48385
* CVE-2025-48386

CVSS scores:

* CVE-2024-24577 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
* CVE-2024-24577 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-50349 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
* CVE-2024-50349 ( NVD ): 2.1

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-52006 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
* CVE-2024-52006 ( NVD ): 2.1

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-27613 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-27613 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2025-27613 ( NVD ): 3.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
* CVE-2025-27614 ( SUSE ): 7.1
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-27614 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-27614 ( NVD ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2025-46334 ( NVD ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2025-46835 ( SUSE ): 6.7
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-46835 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2025-46835 ( NVD ): 8.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L
* CVE-2025-48384 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-48384 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-48384 ( NVD ): 8.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
* CVE-2025-48385 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-48385 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-48385 ( NVD ): 8.6

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-48386 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-48386 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2025-48386 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

Affected Products:

* SUSE Linux Micro 6.0

An update that solves 10 vulnerabilities and has one fix can now be installed.

## Description:

This update for git fixes the following issues:

* Update to 2.51.0

* UI, Workflows & Features

* Userdiff patterns for the R language have been added.
* Documentation for "git send-email" has been updated with a bit more credential helper and
OAuth information.
* "git cat-file --batch" learns to understand %(objectmode) atom to allow the caller to tell
missing objects (due to repository corruption) and submodules (whose commit objects are OK to be
missing) apart.
* "git diff --no-index dirA dirB" can limit the comparison with pathspec at the end of the
command line, just like normal "git diff".
* "git subtree" (in contrib/) learned to grok GPG signing its commits.
* "git whatchanged" that is longer to type than "git log --raw" which is its modern rough
equivalent has outlived its usefulness more than 10 years ago. Plan to deprecate and remove it.
* An interchange format for stash entries is defined, and subcommand of "git stash" to
import/export has been added.
* "git merge/pull" has been taught the "\--compact-summary" option to use the compact-summary
format, intead of diffstat, when showing the summary of the incoming changes.
* "git imap-send" has been broken for a long time, which has been resurrected and then taught
to talk OAuth2.0 etc.
* Some error messages from "git imap-send" has been updated.
* When "git daemon" sees a signal while attempting to accept() a new client, instead of
retrying, it skipped it by mistake, which has been corrected.
* The reftable ref backend has matured enough; Git 3.0 will make it the default format in a
newly created repositories by default.
* "netrc" credential helper has been improved to understand textual service names (like smtp)
in addition to the numeric port numbers (like 25).
* Lift the limitation to use changed-path filter in "git log" so that it can be used for a
pathspec with multiple literal paths.
* Clean up the way how signature on commit objects are exported to and imported from
fast-import stream.
* Remove unsupported, unused, and unsupportable old option from "git log".
* Document recently added "git imap-send --list" with an example.
* "git pull" learned to pay attention to pull.autostash configuration variable, which overrides
rebase/merge.autostash.
* "git for-each-ref" learns "\--start-after" option to help applications that want to page its
output.
* "git switch" and "git restore" are declared to be no longer experimental.
* "git -c alias.foo=bar foo -h baz" reported "'foo' is aliased to 'bar'" and then went on to
run "git foo -h baz", which was unexpected. Tighten the rule so that alias expansion is reported
only when "-h" is the sole option.
* Performance, Internal Implementation, Development Support etc.

* "git pack-objects" learned to find delta bases from blobs at the same path, using the
--path-walk API.
* CodingGuidelines update.
* Add settings for Solaris 10 & 11.
* Meson-based build/test framework now understands TAP output generated by our tests.
* "Do not explicitly initialize to zero" rule has been clarified in the CodingGuidelines
document.
* A test helper "test_seq" function learned the "-f <fmt>" option, which allowed us to simplify
a lot of test scripts.
* A lot of stale stuff has been removed from the contrib/ hierarchy.
* "git push" and "git fetch" are taught to update refs in batches to gain performance.
* Some code paths in "git prune" used to ignore the passed-in repository object and used the
`the_repository` singleton instance instead, which has been corrected.
* Update ".clang-format" and ".editorconfig" to match our style guide a bit better.
* "make coccicheck" succeeds even when spatch made suggestions, which has been updated to fail
in such a case.
* Code clean-up around object access API.
* Define .precision to more canned parse-options type to avoid bugs coming from using a
variable with a wrong type to capture the parsed values.
* Flipping the default hash function to SHA-256 at Git 3.0 boundary is planned.
* Declare weather-balloon we raised for "bool" type 18 months ago a success and officially
allow using the type in our codebase.
* GIT_TEST_INSTALLED was not honored in the recent topic related to SHA256 hashes, which has
been corrected.
* The pop_most_recent_commit() function can have quite expensive worst case performance
characteristics, which has been optimized by using prio-queue data structure.
* Move structure definition from unrelated header file to where it belongs.
* To help our developers, document what C99 language features are being considered for
adoption, in addition to what past experiments have already decided.
* The reftable unit tests are now ported to the "clar" unit testing framework.
* Redefine where the multi-pack-index sits in the object subsystem, which recently was
restructured to allow multiple backends that support a single object source that belongs to one
repository. A MIDX does span multiple "object sources".
* Reduce implicit assumption and dependence on the_repository in the object-file subsystem.
* Fixes since v2.50 Unless otherwise noted, all the changes in 2.50.X
maintenance track, including security updates, are included in this release.

* A memory-leak in an error code path has been plugged.
* Some leftover references to documentation source files that no longer exist, due to recent
".txt" -> ".adoc" renaming, have been corrected.
* "git stash -p <pathspec>" improvements.
* "git send-email" incremented its internal message counter when a message was edited, which
made logic that treats the first message specially misbehave, which has been corrected.
* "git stash" recorded a wrong branch name when submodules are present in the current checkout,
which has been corrected.
* When asking to apply mailmap to both author and committer field while showing a commit
object, the field that appears later was not correctly parsed and replaced, which has been
corrected.
* "git maintenance" lacked the care "git gc" had to avoid holding onto the repository lock for
too long during packing refs, which has been remedied.
* Avoid regexp_constraint and instead use comparison_constraint when listing functions to
exclude from application of coccinelle rules, as spatch can be built with different regexp engine
X-<.
* Updating submodules from the upstream did not work well when submodule's HEAD is detached,
which has been improved.
* Remove unnecessary check from "git daemon" code. (merge 0c856224d2 cb/daemon-fd-check-fix
later to maint).
* Use of sysctl() system call to learn the total RAM size used on BSDs has been corrected.
* Drop FreeBSD 4 support and declare that we support only FreeBSD 12 or later, which has
memmem() supported.
* A diff-filter with negative-only specification like "git log \--diff-filter=d" did not
trigger correctly, which has been fixed.
* A failure to open the index file for writing due to conflicting access did not state what
went wrong, which has been corrected.
* Tempfile removal fix in the codepath to sign commits with SSH keys.
* Code and test clean-up around string-list API.
* "git apply -N" should start from the current index and register only new files, but it
instead started from an empty index, which has been corrected.
* Leakfix with a new and a bit invasive test on pack-bitmap files.
* "git fetch --prune" used to be O(n^2) expensive when there are many refs, which has been
corrected.
* When a ref creation at refs/heads/foo/bar fails, the files backend now removes
refs/heads/foo/ if the directory is otherwise not used.
* "pack-objects" has been taught to avoid pointing into objects in cruft packs from midx.
* "git remote" now detects remote names that overlap with each other (e.g., remote nickname
"outer" and "outer/inner" are used at the same time), as it will lead to overlapping
remote-tracking branches.
* The gpg.program configuration variable, which names a pathname to the (custom) GPG compatible
program, can now be spelled with ~tilde expansion.
* Our <sane-ctype.h> header file relied on that the system-supplied <ctype.h> header is not
later included, which would override our macro definitions, but "amazon linux" broke this
assumption. Fix this by preemptively including <ctype.h> near the beginning of <sane-ctype.h>
ourselves. (merge 9d3b33125f ps/sane-ctype-workaround later to maint).
* Clean-up compat/bswap.h mess. (merge f4ac32c03a ss/compat-bswap-revamp later to maint).
* Meson-based build did not handle libexecdir setting correctly, which has been corrected.
(merge 056dbe8612 rj/meson-libexecdir-fix later to maint).
* Document that we do not require "real" name when signing your patches off. (merge 1f0fed312a
bc/contribution-under-non-real-names later to maint).
* "git commit" that concludes a conflicted merge failed to notice and remove existing comment
added automatically (like "# Conflicts:") when the core.commentstring is set to 'auto'. (merge
92b7c7c9f5 ac/auto-comment-char-fix later to maint).
* "git rebase -i" with bogus rebase.instructionFormat configuration failed to produce the todo
file after recording the state files, leading to confused "git status"; this has been corrected.
(merge ade14bffd7 ow/rebase-verify-insn-fmt-before-initializing-state later to maint).
* A few file descriptors left unclosed upon program completion in a few test helper programs
are now closed. (merge 0f1b33815b hl/test-helper-fd-close later to maint).
* Interactive prompt code did not correctly strip CRLF from the end of line on Windows. (merge
711a20827b js/prompt-crlf-fix later to maint).
* The config API had a set of convenience wrapper functions that implicitly use the_repository
instance; they have been removed and inlined at the calling sites.
* "git add/etc -p" now honor the diff.context configuration variable, and also they learn to
honor the -U<n> command-line option. (merge 2b3ae04011 lm/add-p-context later to maint).
* The case where a new submodule takes a path where there used to be a completely different
subproject is now dealt with a bit better than before. (merge 5ed8c5b465 kj/renamed-submodule later
to maint).
* The deflate codepath in "git archive --format=zip" had a longstanding bug coming from misuse
of zlib API, which has been corrected.
* Update to 2.50.1:

* CVE-2025-27613: Fixed arbitrary writable file creation and truncation in
Gitk (bsc#1245938)

* CVE-2025-27614: Fixed arbitrary script execution via repo clonation in gitk
(bsc#1245939)
* CVE-2025-46835: Fixed untrusted repository cloning leading to arbitrary
writable file creation in Git GUI (bsc#1245942)
* CVE-2025-48384: Fixed CRLF transforming (bsc#1245943)
* CVE-2025-48385: Fixed arbitrary code execution due to protocol injection
(bsc#1245946)
* CVE-2025-48386: Fixed buffer overflow in static buffer (bsc#1245947)

* Update to 2.48.1:

* CVE-2024-50349: Fixed password leak (bsc#1235600)

* CVE-2024-52006: Fixed Carriage Returns via the credential protocol to
credential helpers (bsc#1235601)

* Update to 2.48.0:

* Reference consistency checks: git refs verify

* Reflogs can now be migrated with git refs migrate
* git is free of memory leaks as covered by the test suite
* Performance improvements

* Update to 2.47.1:

* Use after free and double freeing at the end in "git log -L... -p" had been
identified and fixed.

* "git maintenance start" crashed due to an uninitialized variable reference,
which has been corrected.
* Fail gracefully instead of crashing when attempting to write the contents of
a corrupt in-core index as a tree object.
* A "git fetch" from the superproject going down to a submodule used a wrong
remote when the default remote names are set differently between them.
* The "gitk" project tree has been synchronized again

* Update to 2.47.0:

* A few descriptions in "git show-ref -h" have been clarified.

* A 'P' command to "git add -p" that passes the patch hunk to the pager has
been added.
* "git grep -W" omits blank lines that follow the found function at the end of
the file, just like it omits blank lines before the next function.
* The value of http.proxy can have "path" at the end for a socks proxy that
listens to a unix-domain socket, but we started to discard it when we taught
proxy auth code path to use the credential helpers, which has been
corrected.
* The code paths to compact multiple reftable files have been updated to
correctly deal with multiple compaction triggering at the same time.
* Support to specify ref backend for submodules has been enhanced.
* "git svn" has been taught about svn:global-ignores property recent versions
of Subversion has.
* The default object hash and ref backend format used to be settable only with
explicit command line option to "git init" and environment variables, but
now they can be configured in the user's global and system wide
configuration.
* "git send-email" learned "\--translate-aliases" option that reads addresses
from the standard input and emits the result of applying aliases on them to
the standard output.
* 'git for-each-ref' learned a new "\--format" atom to find the branch that
the history leading to a given commit "%(is-base:<commit>)" is likely based
on.
* The command line prompt support used to be littered with bash-isms, which
has been corrected to work with more shells.
* Support for the RUNTIME_PREFIX feature has been added to z/OS port.
* "git send-email" learned "\--mailmap" option to allow rewriting the
recipient addresses.
* "git mergetool" learned to use VSCode as a merge backend.
* "git pack-redundant" has been marked for removal in Git 3.0.
* One-line messages to "die" and other helper functions will get LF added by
these helper functions, but many existing messages had an unnecessary LF at
the end, which have been corrected.
* The "scalar clone" command learned the "\--no-tags" option.
* The environment GIT_ADVICE has been intentionally kept undocumented to
discourage its use by interactive users. Add documentation to help tool
writers.
* "git apply --3way" learned to take "\--ours" and other options.

* Update to version 2.46.2:

* Revert the "git patch-id" change that went into 2.46.1, as it seems to have
got a regression reported (I haven't verified, but it is better to keep a
known breakage than adding an unintended regression).

* In a few corner cases "git diff --exit-code" failed to report "changes"
(e.g., renamed without any content change), which has been corrected.
* The interpret-trailers command failed to recognise the end of the message
when the commit log ends in an incomplete line.

* Update to version 2.46.1;

* "git checkout --ours" (no other arguments) complained that the option is
incompatible with branch switching, which is technically correct, but found
confusing by some users. It now says that the user needs to give pathspec to
specify what paths to checkout.

* It has been documented that we avoid "VAR=VAL shell_func" and why.
* "git add -p" by users with diff.suppressBlankEmpty set to true failed to
parse the patch that represents an unmodified empty line with an empty line
(not a line with a single space on it), which has been corrected.
* "git rebase --help" referred to "offset" (the difference between the
location a change was taken from and the change gets replaced) incorrectly
and called it "fuzz", which has been corrected.
* "git notes add -m '' \--allow-empty" and friends that take prepared data to
create notes should not invoke an editor, but it started doing so since Git
2.42, which has been corrected.
* An expensive operation to prepare tracing was done in re-encoding code path
even when the tracing was not requested, which has been corrected.
* Perforce tests have been updated.
* The credential helper to talk to OSX keychain sometimes sent garbage bytes
after the username, which has been corrected.
* A recent update broke "git ls-remote" used outside a repository, which has
been corrected.
* "git config --value=foo --fixed-value section.key newvalue" barfed when the
existing value in the configuration file used the valueless true syntax,
which has been corrected.
* "git reflog expire" failed to honor annotated tags when computing reachable
commits.
* A flakey test and incorrect calls to strtoX() functions have been fixed.
* Follow-up on 2.45.1 regression fix.
* "git rev-list ... | git diff-tree -p --remerge-diff --stdin" should behave
more or less like "git log -p --remerge-diff" but instead it crashed,
forgetting to prepare a temporary object store needed.
* The patch parser in "git patch-id" has been tightened to avoid getting
confused by lines that look like a patch header in the log message.
* "git bundle unbundle" outside a repository triggered a BUG() unnecessarily,
which has been corrected.
* The code forgot to discard unnecessary in-core commit buffer data for
commits that "git log --skip=<number>" traversed but omitted from the
output, which has been corrected.
* "git verify-pack" and "git index-pack" started dying outside a repository,
which has been corrected.
* A corner case bug in "git stash" was fixed.

* Change less requirement to path to allow for use with BusyBox

* Update to 2.46.0

UI, Workflows & Features * The "\--rfc" option of "git format-patch" learned to
take an optional string value to be used in place of "RFC" to tweak the
"[PATCH]" on the subject header. * The credential helper protocol, together with
the HTTP layer, have been enhanced to support authentication schemes different
from username & password pair, like Bearer and NTLM. * Command line completion
script (in contrib/) learned to complete "git symbolic-ref" a bit better (you
need to enable plumbing commands to be completed with
GIT_COMPLETION_SHOW_ALL_COMMANDS). * When the user responds to a prompt given by
"git add -p" with an unsupported command, list of available commands were given,
which was too much if the user knew what they wanted to type but merely made a
typo. Now the user gets a much shorter error message. * The color parsing code
learned to handle 12-bit RGB colors, spelled as "#RGB" (in addition to "#RRGGBB"
that is already supported). * The operation mode options (like "\--get") the
"git config" command uses have been deprecated and replaced with subcommands
(like "git config get"). * "git tag" learned the "\--trailer" option to futz
with the trailers in the same way as "git commit" does. * A new global "\--no-
advice" option can be used to disable all advice messages, which is meant to be
used only in scripts. * Updates to symbolic refs can now be made as a part of
ref transaction. * The trailer API has been reshuffled a bit. * Terminology to
call various ref-like things are getting straightened out. * The command line
completion script (in contrib/) has been adjusted to the recent update to "git
config" that adopted subcommand based UI. * The knobs to tweak how reftable
files are written have been made available as configuration variables. * When
"git push" notices that the commit at the tip of the ref on the other side it is
about to overwrite does not exist locally, it used to first try fetching it if
the local repository is a partial clone. The command has been taught not to do
so and immediately fail instead. * The promisor.quiet configuration knob can be
set to true to make lazy fetching from promisor remotes silent. * The
inter/range-diff output has been moved to the end of the patch when format-patch
adds it to a single patch, instead of writing it before the patch text, to be
consistent with what is done for a cover letter for a multi-patch series. * A
new command has been added to migrate a repository that uses the files backend
for its ref storage to use the reftable backend, with limitations. * "git diff
--exit-code --ext-diff" learned to take the exit status of the external diff
driver into account when deciding the exit status of the overall "git diff"
invocation when configured to do so. * "git update-ref --stdin" learned to
handle transactional updates of symbolic-refs. * "git format-patch --interdiff"
for multi-patch series learned to turn on cover letters automatically (unless
told never to enable cover letter with "\--no-cover-letter" and such). * The
"\--heads" option of "ls-remote" and "show-ref" has been been deprecated;
"\--branches" replaces "\--heads". * For over a year, setting
add.interactive.useBuiltin configuration variable did nothing but giving a "this
does not do anything" warning. The warning has been removed. * The http
transport can now be told to send request with authentication material without
first getting a 401 response. * A handful of entries are added to the GitFAQ
document. * "git var GIT_SHELL_PATH" should report the path to the shell used to
spawn external commands, but it didn't do so on Windows, which has been
corrected. Performance, Internal Implementation, Development Support etc. *
Advertise "git contacts", a tool for newcomers to find people to ask review for
their patches, a bit more in our developer documentation. * In addition to
building the objects needed, try to link the objects that are used in fuzzer
tests, to make sure at least they build without bitrot, in Linux CI runs. * Code
to write out reftable has seen some optimization and simplification. * Tests to
ensure interoperability between reftable written by jgit and our code have been
added and enabled in CI. * The singleton index_state instance "the_index" has
been eliminated by always instantiating "the_repository" and replacing
references to "the_index" with references to its .index member. * Git-GUI has a
new maintainer, Johannes Sixt. * The "test-tool" has been taught to run
testsuite tests in parallel, bypassing the need to use the "prove" tool. * The
"whitespace check" task that was enabled for GitHub Actions CI has been ported
to GitLab CI. * The refs API lost functions that implicitly assumes to work on
the primary ref_store by forcing the callers to pass a ref_store as an argument.
* Code clean-up to reduce inter-function communication inside builtin/config.c
done via the use of global variables. * The pack bitmap code saw some clean-up
to prepare for a follow-up topic. * Preliminary code clean-up for "git send-
email". * The default "creation-factor" used by "git format-patch" has been
raised to make it more aggressively find matching commits. * Before discovering
the repository details, We used to assume SHA-1 as the "default" hash function,
which has been corrected. Hopefully this will smoke out codepaths that rely on
such an unwarranted assumptions. * The project decision making policy has been
documented. * The strcmp-offset tests have been rewritten using the unit test
framework. * "git add -p" learned to complain when an answer with more than one
letter is given to a prompt that expects a single letter answer. * The alias-
expanded command lines are logged to the trace output. * A new test was added to
ensure git commands that are designed to run outside repositories do work. * A
few tests in reftable library have been rewritten using the unit test framework.
* A pair of test helpers that essentially are unit tests on hash algorithms have
been rewritten using the unit-tests framework. * A test helper that essentially
is unit tests on the "decorate" logic has been rewritten using the unit-tests
framework. * Many memory leaks in the sparse-checkout code paths have been
plugged. * "make check-docs" noticed problems and reported to its output but
failed to signal its findings with its exit status, which has been corrected. *
Building with "-Werror -Wwrite-strings" is now supported. * To help developers,
the build procedure now allows builders to use CFLAGS_APPEND to specify
additional CFLAGS. * "oidtree" tests were rewritten to use the unit test
framework. * The structure of the document that records longer-term project
decisions to deprecate/remove/update various behaviour has been outlined. * The
pseudo-merge reachability bitmap to help more efficient storage of the
reachability bitmap in a repository with too many refs has been added. * When
"git merge" sees that the index cannot be refreshed (e.g. due to another process
doing the same in the background), it died but after writing MERGE_HEAD etc.
files, which was useless for the purpose to recover from the failure. * The
output from "git cat-file --batch-check" and "\--batch-command (info)" should
not be unbuffered, for which some tests have been added. * A CPP macro
USE_THE_REPOSITORY_VARIABLE is introduced to help transition the codebase to
rely less on the availability of the singleton the_repository instance. * "git
version --build-options" reports the version information of OpenSSL and other
libraries (if used) in the build. * Memory ownership rules for the in-core
representation of remote.*.url configuration values have been straightened out,
which resulted in a few leak fixes and code clarification. * When bundleURI
interface fetches multiple bundles, Git failed to take full advantage of all
bundles and ended up slurping duplicated objects, which has been corrected. *
The code to deal with modified paths that are out-of-cone in a sparsely checked
out working tree has been optimized. * An existing test of oidmap API has been
rewritten with the unit-test framework. * The "ort" merge backend saw one bugfix
for a crash that happens when inner merge gets killed, and assorted code clean-
ups. * A new warning message is issued when a command has to expand a sparse
index to handle working tree cruft that are outside of the sparse checkout. *
The test framework learned to take the test body not as a single string but as a
here-document. * "git push '' HEAD:there" used to hit a BUG(); it has been
corrected to die with "fatal: bad repository ''". * What happens when
http.cookieFile gets the special value "" has been clarified in the
documentation. Fixes * "git rebase --signoff" used to forget that it needs to
add a sign-off to the resulting commit when told to continue after a conflict
stops its operation. * The procedure to build multi-pack-index got confused by
the replace-refs mechanism, which has been corrected by disabling the latter. *
The "-k" and "\--rfc" options of "format-patch" will now error out when used
together, as one tells us not to add anything to the title of the commit, and
the other one tells us to add "RFC" in addition to "PATCH". * "git stash -S" did
not handle binary files correctly, which has been corrected. * A scheduled "git
maintenance" job is expected to work on all repositories it knows about, but it
stopped at the first one that errored out. Now it keeps going. * zsh can pretend
to be a normal shell pretty well except for some glitches that we tickle in some
of our scripts. Work them around so that "vimdiff" and our test suite works well
enough with it. * Command line completion support for zsh (in contrib/) has been
updated to stop exposing internal state to end-user shell interaction. * Tests
that try to corrupt in-repository files in chunked format did not work well on
macOS due to its broken "mv", which has been worked around. * The maximum size
of attribute files is enforced more consistently. * Unbreak CI jobs so that we
do not attempt to use Python 2 that has been removed from the platform. * Git
2.43 started using the tree of HEAD as the source of attributes in a bare
repository, which has severe performance implications. For now, revert the
change, without ripping out a more explicit support for the attr.tree
configuration variable. * The "\--exit-code" option of "git diff" command
learned to work with the "\--ext-diff" option. * Windows CI running in GitHub
Actions started complaining about the order of arguments given to calloc(); the
imported regex code uses the wrong order almost consistently, which has been
corrected. * Expose "name conflict" error when a ref creation fails due to D/F
conflict in the ref namespace, to improve an error message given by "git fetch".
(merge 9339fca23e it/refs-name-conflict later to maint). * The SubmittingPatches
document now refers folks to manpages translation project. * The documentation
for "git diff --name-only" has been clarified that it is about showing the names
in the post-image tree. * The credential helper that talks with osx keychain
learned to avoid storing back the authentication material it just got received
from the keychain. (merge e1ab45b2da kn/osxkeychain-skip-idempotent-store later
to maint). * The chainlint script (invoked during "make test") did nothing when
it failed to detect the number of available CPUs. It now falls back to 1 CPU to
avoid the problem. * Revert overly aggressive "layered defence" that went into
2.45.1 and friends, which broke "git-lfs", "git-annex", and other use cases, so
that we can rebuild necessary counterparts in the open. * "git init" in an
already created directory, when the user configuration has includeif.onbranch,
started to fail recently, which has been corrected. * Memory leaks in "git mv"
has been plugged. * The safe.directory configuration knob has been updated to
optionally allow leading path matches. * An overly large ".gitignore" files are
now rejected silently. * Upon expiration event, the credential subsystem forgot
to clear in-core authentication material other than password (whose support was
added recently), which has been corrected. * Fix for an embarrassing typo that
prevented Python2 tests from running anywhere. * Varargs functions that are
unannotated as printf-like or execl-like have been annotated as such. * "git am"
has a safety feature to prevent it from starting a new session when there
already is a session going. It reliably triggers when a mbox is given on the
command line, but it has to rely on the tty-ness of the standard input. Add an
explicit way to opt out of this safety with a command line option. (merge
62c71ace44 jk/am-retry later to maint). * A leak in "git imap-send" that somehow
escapes LSan has been plugged. * Setting core.abbrev too early before the
repository set-up (typically in "git clone") caused segfault, which as been
corrected. * When the user adds to "git rebase -i" instruction to "pick" a merge
commit, the error experience is not pleasant. Such an error is now caught
earlier in the process that parses the todo list. * We forgot to normalize the
result of getcwd() to NFC on macOS where all other paths are normalized, which
has been corrected. This still does not address the case where
core.precomposeUnicode configuration is not defined globally. * Earlier we
stopped using the tree of HEAD as the default source of attributes in a bare
repository, but failed to document it. This has been corrected. * "git update-
server-info" and "git commit-graph --write" have been updated to use the
tempfile API to avoid leaving cruft after failing. * An unused extern
declaration for mingw has been removed to prevent it from causing build failure.
* A helper function shared between two tests had a copy-paste bug, which has
been corrected. * "git fetch-pack -k -k" without passing "\--lock-pack" (which
we never do ourselves) did not work at all, which has been corrected. * CI job
to build minimum fuzzers learned to pass NO_CURL=NoThanks to the build
procedure, as its build environment does not offer, or the rest of the build
needs, anything cURL. (merge 4e66b5a990 jc/fuzz-sans-curl later to maint). *
"git diff --no-ext-diff" when diff.external is configured ignored the "\--color-
moved" option. (merge 0f4b0d4cf0 rs/diff-color-moved-w-no-ext-diff-fix later to
maint). * "git archive --add-virtual-file=<path>:<contents>" never paid
attention to the --prefix=<prefix> option but the documentation said it would.
The documentation has been corrected. (merge 72c282098d jc/archive-prefix-with-
add-virtual-file later to maint). * When GIT_PAGER failed to spawn, depending on
the code path taken, we failed immediately (correct) or just spew the payload to
the standard output (incorrect). The code now always fail immediately when
GIT_PAGER fails. (merge 78f0a5d187 rj/pager-die-upon-exec-failure later to
maint). * date parser updates to be more careful about underflowing epoch based
timestamp. (merge 9d69789770 db/date-underflow-fix later to maint). * The Bloom
filter used for path limited history traversal was broken on systems whose
"char" is unsigned; update the implementation and bump the format version to 2.
(merge 9c8a9ec787 tb/path-filter-fix later to maint). * Typofix. (merge
231cf7370e as/pathspec-h-typofix later to maint). * Code clean-up. (merge
4b837f821e rs/simplify-submodule-helper-super-prefix-invocation later to maint).
* "git describe --dirty --broken" forgot to refresh the index before seeing if
there is any chang, ("git describe --dirty" correctly did so), which has been
corrected. (merge b8ae42e292 as/describe-broken-refresh-index-fix later to
maint). * Test suite has been taught not to unnecessarily rely on DNS failing a
bogus external name. (merge 407cdbd271 jk/tests-without-dns later to maint). *
GitWeb update to use committer date consistently in rss/atom feeds. (merge
cf6ead095b am/gitweb-feed-use-committer-date later to maint). * Custom control
structures we invented more recently have been taught to the clang-format file.
(merge 1457dff9be rs/clang-format-updates later to maint). * Developer build
procedure fix. (merge df32729866 tb/dev-build-pedantic-fix later to maint). *
"git push" that pushes only deletion gave an unnecessary and harmless error
message when push negotiation is configured, which has been corrected. (merge
4d8ee0317f jc/disable-push-nego-for-deletion later to maint). * Address-looking
strings found on the trailer are now placed on the Cc: list after running
through sanitize_address by "git send-email". (merge c852531f45 cb/send-email-
sanitize-trailer-addresses later to maint). * Tests that use
GIT_TEST_SANITIZE_LEAK_LOG feature got their exit status inverted, which has
been corrected. (merge 8c1d6691bc rj/test-sanitize-leak-log-fix later to maint).
* The http.cookieFile and http.saveCookies configuration variables have a few
values that need to be avoided, which are now ignored with warning messages.
(merge 4f5822076f jc/http-cookiefile later to maint). * Repacking a repository
with multi-pack index started making stupid pack selections in Git 2.45, which
has been corrected. (merge 8fb6d11fad ds/midx-write-repack-fix later to maint).
* Fix documentation mark-up regression in 2.45. (merge 6474da0aa4 ja/doc-markup-
updates-fix later to maint). * Work around asciidoctor's css that renders
`monospace` material in the SYNOPSIS section of manual pages as block elements.
(merge d44ce6ddd5 js/doc-markup-updates-fix later to maint).

* CVE-2024-24577: Fixed arbitrary code execution due to heap corruption in
git_index_add (bsc#1219660)

* Update to 2.45.2:

* Revert "defense in depth" fixes from 2.45.1 broke 'git lfs' and 'git annex'

* remove dependency on /usr/bin/python3 using %python3_fix_shebang_path macro,
[bsc#1212476]

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
zypper in -t patch SUSE-SLE-Micro-6.0-470=1

## Package List:

* SUSE Linux Micro 6.0 (aarch64 s390x x86_64)
* perl-Git-2.51.0-1.1
* git-debugsource-2.51.0-1.1
* git-core-2.51.0-1.1
* git-2.51.0-1.1
* git-core-debuginfo-2.51.0-1.1
* git-debuginfo-2.51.0-1.1

## References:

* https://www.suse.com/security/cve/CVE-2024-24577.html
* https://www.suse.com/security/cve/CVE-2024-50349.html
* https://www.suse.com/security/cve/CVE-2024-52006.html
* https://www.suse.com/security/cve/CVE-2025-27613.html
* https://www.suse.com/security/cve/CVE-2025-27614.html
* https://www.suse.com/security/cve/CVE-2025-46334.html
* https://www.suse.com/security/cve/CVE-2025-46835.html
* https://www.suse.com/security/cve/CVE-2025-48384.html
* https://www.suse.com/security/cve/CVE-2025-48385.html
* https://www.suse.com/security/cve/CVE-2025-48386.html
* https://bugzilla.suse.com/show_bug.cgi?id=1212476
* https://bugzilla.suse.com/show_bug.cgi?id=1219660
* https://bugzilla.suse.com/show_bug.cgi?id=1235600
* https://bugzilla.suse.com/show_bug.cgi?id=1235601
* https://bugzilla.suse.com/show_bug.cgi?id=1239989
* https://bugzilla.suse.com/show_bug.cgi?id=1245938
* https://bugzilla.suse.com/show_bug.cgi?id=1245939
* https://bugzilla.suse.com/show_bug.cgi?id=1245942
* https://bugzilla.suse.com/show_bug.cgi?id=1245943
* https://bugzilla.suse.com/show_bug.cgi?id=1245946
* https://bugzilla.suse.com/show_bug.cgi?id=1245947

Attachment: None (type=text/html)
(HTML attachment elided)

From:		SLE-SECURITY-UPDATES <null@suse.de>
To:		sle-security-updates@lists.suse.com
Subject:		SUSE-SU-2025:20721-1: critical: Security update for git
Date:		Fri, 26 Sep 2025 16:40:33 -0000
Message-ID:		<175890483311.25554.11692259762497742738@smelt2.prg2.suse.org>