kernel
/
git
mirror of https://git.kernel.org/pub/scm/git/git.git
1
0
Fork 0
Code Releases Activity
56536 Commits
6 Branches
36 Tags
131 MiB
 
 
 
 
 
 
Tree: 3e8ed3b93e
git/Documentation/RelNotes/2.13.7.txt

20 lines
780 B
Raw Blame History

Git v2.13.7 Release Notes
=========================
Fixes since v2.13.6
-------------------
* Submodule "names" come from the untrusted .gitmodules file, but we
blindly append them to $GIT_DIR/modules to create our on-disk repo
paths. This means you can do bad things by putting "../" into the
name. We now enforce some rules for submodule names which will cause
Git to ignore these malicious names (CVE-2018-11235).
Credit for finding this vulnerability and the proof of concept from
which the test script was adapted goes to Etienne Stalmans.
* It was possible to trick the code that sanity-checks paths on NTFS
into reading random piece of memory (CVE-2018-11233).
Credit for fixing for these bugs goes to Jeff King, Johannes
Schindelin and others.