Fast Version Control System
9a5cabc9ef
Fixes two security issues, described in the 2.13.7 release notes¹: * Submodule "names" come from the untrusted .gitmodules file, but we blindly append them to $GIT_DIR/modules to create our on-disk repo paths. This means you can do bad things by putting "../" into the name. We now enforce some rules for submodule names which will cause Git to ignore these malicious names (CVE-2018-11235). Credit for finding this vulnerability and the proof of concept from which the test script was adapted goes to Etienne Stalmans. * It was possible to trick the code that sanity-checks paths on NTFS into reading random piece of memory (CVE-2018-11233). ¹ https://mirrors.edge.kernel.org/pub/software/scm/git/docs/RelNotes/2.13.7.txt |
||
|---|---|---|
| .gitignore | ||
| .mailmap | ||
| .rpmlint | ||
| 0001-daemon.c-fix-condition-for-redirecting-stderr.patch | ||
| 0001-git-svn-avoid-warning-on-undef-readline.patch | ||
| 0001-rev-parse-check-lookup-ed-commit-references-for-NULL.patch | ||
| git-1.8-gitweb-home-link.patch | ||
| git-cvsimport-Ignore-cvsps-2.2b1-Branches-output.patch | ||
| git-gui.desktop | ||
| git-init.el | ||
| git.socket | ||
| git.spec | ||
| git.xinetd.in | ||
| git@.service.in | ||
| gitweb-httpd.conf | ||
| gitweb.conf.in | ||
| gpgkey-junio.asc | ||
| print-failed-test-output | ||
| sources | ||