File: 2.13.7.txt

package info (click to toggle)
cgit 1.2.3%2Bgit2.25.1-1
  • links: PTS, VCS
  • area: main
  • in suites: bullseye
  • size: 44,972 kB
  • sloc: ansic: 236,086; sh: 194,031; perl: 29,806; tcl: 22,076; python: 6,583; makefile: 3,877; sed: 189; php: 120; asm: 98; csh: 45; ruby: 43; lisp: 12
file content (20 lines) | stat: -rw-r--r-- 780 bytes parent folder | download | duplicates (11)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
Git v2.13.7 Release Notes
=========================

Fixes since v2.13.6
-------------------

 * Submodule "names" come from the untrusted .gitmodules file, but we
   blindly append them to $GIT_DIR/modules to create our on-disk repo
   paths. This means you can do bad things by putting "../" into the
   name. We now enforce some rules for submodule names which will cause
   Git to ignore these malicious names (CVE-2018-11235).

   Credit for finding this vulnerability and the proof of concept from
   which the test script was adapted goes to Etienne Stalmans.

 * It was possible to trick the code that sanity-checks paths on NTFS
   into reading random piece of memory (CVE-2018-11233).

Credit for fixing for these bugs goes to Jeff King, Johannes
Schindelin and others.