Git 2.14.5

Signed-off-by: Junio C Hamano <gitster@pobox.com>
maint v2.14.5
Junio C Hamano 2018-09-27 11:19:11 -07:00
parent 273c61496f
commit d0832b2847
3 changed files with 18 additions and 2 deletions

View File

@ -0,0 +1,16 @@
Git v2.14.5 Release Notes
=========================

This release is to address the recently reported CVE-2018-17456.

Fixes since v2.14.4
-------------------

* Submodules' "URL"s come from the untrusted .gitmodules file, but
we blindly gave it to "git clone" to clone submodules when "git
clone --recurse-submodules" was used to clone a project that has
such a submodule. The code has been hardened to reject such
malformed URLs (e.g. one that begins with a dash).

Credit for finding and fixing this vulnerability goes to joernchen
and Jeff King, respectively.

View File

@ -1,7 +1,7 @@
#!/bin/sh

GVF=GIT-VERSION-FILE
DEF_VER=v2.14.4
DEF_VER=v2.14.5

LF='
'

View File

@ -1 +1 @@
Documentation/RelNotes/2.14.4.txt
Documentation/RelNotes/2.14.5.txt