File: 2.17.6.txt

package info (click to toggle)
cgit 1.2.3%2Bgit20240802.70.09d24d7%2Bgit2.46.0-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 56,184 kB
  • sloc: ansic: 301,641; sh: 254,574; perl: 29,353; tcl: 22,151; makefile: 4,198; python: 3,594; javascript: 810; csh: 45; ruby: 43; lisp: 12
file content (16 lines) | stat: -rw-r--r-- 511 bytes parent folder | download | duplicates (9) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
 
Git v2.17.6 Release Notes
=========================

This release addresses the security issues CVE-2021-21300.

Fixes since v2.17.5
-------------------

 * CVE-2021-21300:
   On case-insensitive file systems with support for symbolic links,
   if Git is configured globally to apply delay-capable clean/smudge
   filters (such as Git LFS), Git could be fooled into running
   remote code during a clone.

Credit for finding and fixing this vulnerability goes to Matheus
Tavares, helped by Johannes Schindelin.