
Git 2.40.1


An unscheduled update, Git 2.40.1, has been released following the disclosure of five vulnerabilities in Git. The previous stable versions of Git were also updated.

The fixed vulnerabilities are:

CVE-2023-29007 - allowed the configuration file $GIT_DIR/config to be substituted. The vulnerability could be exploited to execute code by specifying file paths in core.pager, core.editor and core.sshCommand;

CVE-2023-25652 - allowed using git apply --reject to overwrite files outside the working tree.
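
For the CVE-2023-29007 item above, a defender can audit a repository's $GIT_DIR/config for the three command-running keys it names. The following is an added example, not code from the Git project or from this article; the function name, the simplified parser and the sample configuration are assumptions made for illustration.

```python
import re

# Keys the article names as code-execution vectors; git matches section and
# variable names case-insensitively, so compare in lower case.
RISKY_KEYS = {"core.pager", "core.editor", "core.sshcommand"}

SECTION_RE = re.compile(r'^\[\s*([A-Za-z0-9.-]+)(?:\s+"((?:[^"\\]|\\.)*)")?\s*\]\s*(.*)$')
KEY_RE = re.compile(r'^([A-Za-z][A-Za-z0-9-]*)\s*(?:=\s*(.*))?$')


def find_command_settings(config_text):
    """Return [(line_no, key, value)] for each risky key set in config_text.
    Simplified parser (assumption): ignores includes, backslash line
    continuations and value quoting/inline comments."""
    findings = []
    section = ""
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            name, sub, line = header.group(1), header.group(2), header.group(3)
            # [core "x"] yields core.x.<key>, which is not one of the risky keys.
            section = name.lower() + ("." + sub if sub is not None else "")
        if not line or line[0] in "#;":
            continue
        entry = KEY_RE.match(line)
        if entry:
            key = section + "." + entry.group(1).lower()
            if key in RISKY_KEYS:
                findings.append((line_no, key, (entry.group(2) or "").strip()))
    return findings


# Constructed sample of a $GIT_DIR/config, not taken from a real repository.
SAMPLE_CONFIG = """\
[core]
\trepositoryformatversion = 0
\tsshCommand = /tmp/constructed-example/ssh-wrapper
[remote "origin"]
\turl = https://example.invalid/repo.git
[Core] Pager = /tmp/constructed-example/pager
[core "sub"]
\teditor = unrelated-subsection-value
"""

if __name__ == "__main__":
    for line_no, key, value in find_command_settings(SAMPLE_CONFIG):
        print(f"line {line_no}: {key} = {value}")
```

Any finding that was not set deliberately by the repository's owner is worth investigating before running further Git commands in that repository.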