Git 2.17.6

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
2021-01-29 19:13:11 +01:00 · 2021-01-29 19:13:11 +01:00 · 6b82d3eea6
parent 22539ec3b5
commit 6b82d3eea6
3 changed files with 18 additions and 2 deletions
--- a/Documentation/RelNotes/2.17.6.txt
+++ b/Documentation/RelNotes/2.17.6.txt
@ -0,0 +1,16 @@
+Git v2.17.6 Release Notes
+=========================
+
+This release addresses the security issues CVE-2021-21300.
+
+Fixes since v2.17.5
+-------------------
+
+ * CVE-2021-21300:
+   On case-insensitive file systems with support for symbolic links,
+   if Git is configured globally to apply delay-capable clean/smudge
+   filters (such as Git LFS), Git could be fooled into running
+   remote code during a clone.
+
+Credit for finding and fixing this vulnerability goes to Matheus
+Tavares, helped by Johannes Schindelin.
--- a/2
+++ b/2
@ -1,7 +1,7 @@
 #!/bin/sh

 GVF=GIT-VERSION-FILE
-DEF_VER=v2.17.5
+DEF_VER=v2.17.6

 LF='
 '
--- a/2
+++ b/2
@ -1 +1 @@
-Documentation/RelNotes/2.17.5.txt
+Documentation/RelNotes/2.17.6.txt