18888 moderate openSUSE Backports SLE-15-SP6 Update This update for git-lfs fixes the following issues: Update to 3.6.1: (boo#1235876): This release introduces a security fix for all platforms, which has been assigned CVE-2024-53263. When requesting credentials from Git for a remote host, prior versions of Git LFS passed portions of the host's URL to the git-credential(1) command without checking for embedded line-ending control characters, and then sent any credentials received back from the Git credential helper to the remote host. By inserting URL-encoded control characters such as line feed (LF) or carriage return (CR) characters into the URL, an attacker might have been able to retrieve a user's Git credentials. Git LFS now prevents bare line feed (LF) characters from being included in the values sent to the git-credential(1) command, and also prevents bare carriage return (CR) characters from being included unless the credential.protectProtocol configuration option is set to a value equivalent to false. * Bugs - Reject bare line-ending control characters in Git credential requests (@chrisd8088) update to version 3.6.0: - https://github.com/git-lfs/git-lfs/releases/tag/v3.6.0 update to 3.5.1: * Build release assets with Go 1.21 #5668 (@bk2204) * script/packagecloud: instantiate distro map properly #5662 (@bk2204) * Install msgfmt on Windows in CI and release workflows #5666 (@chrisd8088) update to version 3.4.1: - https://github.com/git-lfs/git-lfs/releases/tag/v3.4.1 git-lfs-3.6.1-bp156.2.3.1.src.rpm git-lfs-3.6.1-bp156.2.3.1.x86_64.rpm git-lfs-3.6.1-bp156.2.3.1.i586.rpm git-lfs-3.6.1-bp156.2.3.1.aarch64.rpm git-lfs-3.6.1-bp156.2.3.1.ppc64le.rpm git-lfs-3.6.1-bp156.2.3.1.s390x.rpm