Hide Forgot
While the only permitted drive letters for physical drives on Windows are letters of the US-English alphabet, this restriction does not apply to virtual drives assigned via subst <letter>:<path>. Git mistook such paths for relative paths, allowing writing outside of the worktree while cloning. References: https://kernel.googlesource.com/pub/scm/git/git/+/refs/tags/v2.24.1/Documentation/RelNotes/2.14.6.txt
Created git tracking bugs for this issue: Affects: fedora-all [bug 1781961]
Does this bug apply to Fedora (or RHEL)? The commit (https://git.kernel.org/pub/scm/git/git.git/commit/?id=f82a97eb9197c1e3768e72648f37ce0ca3233734) explicitly mentions mingw.
oss-security mailing list reference: https://www.openwall.com/lists/oss-security/2019/12/13/1
External References: https://github.com/git/git/security/advisories/GHSA-39hj-fvvf-mq4f
Upstream fix: https://github.com/git/git/commit/f82a97eb9197c1e3768e72648f37ce0ca3233734
Statement: This issue did not affect the versions of git as shipped with Red Hat Enterprise Linux 6, 7, and 8 as this is a Windows only issue and it does not affect the Linux versions of git.