File: 2.14.5.txt

package info (click to toggle)
cgit 1.2.3%2Bgit2.25.1-1
  • links: PTS, VCS
  • area: main
  • in suites: bullseye
  • size: 44,972 kB
  • sloc: ansic: 236,086; sh: 194,031; perl: 29,806; tcl: 22,076; python: 6,583; makefile: 3,877; sed: 189; php: 120; asm: 98; csh: 45; ruby: 43; lisp: 12
file content (16 lines) | stat: -rw-r--r-- 578 bytes parent folder | download | duplicates (10) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
 
Git v2.14.5 Release Notes
=========================

This release is to address the recently reported CVE-2018-17456.

Fixes since v2.14.4
-------------------

 * Submodules' "URL"s come from the untrusted .gitmodules file, but
   we blindly gave it to "git clone" to clone submodules when "git
   clone --recurse-submodules" was used to clone a project that has
   such a submodule.  The code has been hardened to reject such
   malformed URLs (e.g. one that begins with a dash).

Credit for finding and fixing this vulnerability goes to joernchen
and Jeff King, respectively.