Zhu Zihao schreef op di 19-04-2022 om 00:02 [+0800]:
> 
> Hi.
> 
> https://www.phoronix.com/scan.php?page=news_item&px=Git-CVE-2022-24765
> 
> This article says "likely due to only affect Microsoft Windows". I
> haven't test this CVE on *nix systems.
> 
> If it doesn't affect Guix systems, should I remove "[fixes
> CVE-2022-24765]" in the git commit message or leave it there?

According to <https://lwn.net/Articles/891112/#Comments> and its
comments, it affects ‘multi-user (*) Linux (**) systems’ as well, if
someone has their git repo inside /tmp.  (Does anyone actually do
that?)

(*) I would think this includes otherwise single-user systems with a
compromised daemon as well?  
(**) Presumably also GNU/Hurd and the BSDs.

Greetings,
Maxime.