update to 2.37.1 (CVE-2022-29187)
From the release notes for 2.30.5¹:
This release contains minor fix-ups for the changes that went into
Git 2.30.3 and 2.30.4, addressing CVE-2022-29187.
* The safety check that verifies a safe ownership of the Git
worktree is now extended to also cover the ownership of the Git
directory (and the `.git` file, if there is any).
Carlo Marcelo Arenas Belón (1):
setup: tighten ownership checks post CVE-2022-24765
Additionally, from the release notes for 2.37.1²:
* Rewrite of "git add -i" in C that appeared in Git 2.25 didn't
correctly record a removed file to the index, which is an old
regression but has become widely known because the C version has
become the default in the latest release.
¹ https://github.com/git/git/raw/v2.37.1/Documentation/RelNotes/2.30.5.txt
² https://github.com/git/git/raw/v2.37.1/Documentation/RelNotes/2.37.1.txt