Git 2.13.7
Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
Junio C Hamano
parent
8528c31d98
commit
0114f71344
20
Documentation/RelNotes/2.13.7.txt
Normal file
20
Documentation/RelNotes/2.13.7.txt
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
Git v2.13.7 Release Notes
|
||||||
|
=========================
|
||||||
|
|
||||||
|
Fixes since v2.13.6
|
||||||
|
-------------------
|
||||||
|
|
||||||
|
* Submodule "names" come from the untrusted .gitmodules file, but we
|
||||||
|
blindly append them to $GIT_DIR/modules to create our on-disk repo
|
||||||
|
paths. This means you can do bad things by putting "../" into the
|
||||||
|
name. We now enforce some rules for submodule names which will cause
|
||||||
|
Git to ignore these malicious names (CVE-2018-11235).
|
||||||
|
|
||||||
|
Credit for finding this vulnerability and the proof of concept from
|
||||||
|
which the test script was adapted goes to Etienne Stalmans.
|
||||||
|
|
||||||
|
* It was possible to trick the code that sanity-checks paths on NTFS
|
||||||
|
into reading random piece of memory (CVE-2018-11233).
|
||||||
|
|
||||||
|
Credit for fixing for these bugs goes to Jeff King, Johannes
|
||||||
|
Schindelin and others.
|
||||||
@ -1,7 +1,7 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
GVF=GIT-VERSION-FILE
|
GVF=GIT-VERSION-FILE
|
||||||
DEF_VER=v2.13.6
|
DEF_VER=v2.13.7
|
||||||
|
|
||||||
LF='
|
LF='
|
||||||
'
|
'
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user