diff options
author | Junio C Hamano <gitster@pobox.com> | 2018-05-22 13:50:36 +0900 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2018-05-22 13:50:36 +0900 |
commit | 0114f71344844be9e5add321cffea34bac077d75 (patch) | |
tree | 1066054d066d005da9761ced28d899fd7edd29ac | |
parent | Merge branch 'jk/submodule-fix-loose' into maint-2.13 (diff) | |
download | tgif-0114f71344844be9e5add321cffea34bac077d75.tar.xz |
Git 2.13.7
Signed-off-by: Junio C Hamano <gitster@pobox.com>
-rw-r--r-- | Documentation/RelNotes/2.13.7.txt | 20 | ||||
-rwxr-xr-x | GIT-VERSION-GEN | 2 | ||||
l--------- | RelNotes | 2 |
3 files changed, 22 insertions, 2 deletions
diff --git a/Documentation/RelNotes/2.13.7.txt b/Documentation/RelNotes/2.13.7.txt new file mode 100644 index 0000000000..09fc01406c --- /dev/null +++ b/Documentation/RelNotes/2.13.7.txt @@ -0,0 +1,20 @@ +Git v2.13.7 Release Notes +========================= + +Fixes since v2.13.6 +------------------- + + * Submodule "names" come from the untrusted .gitmodules file, but we + blindly append them to $GIT_DIR/modules to create our on-disk repo + paths. This means you can do bad things by putting "../" into the + name. We now enforce some rules for submodule names which will cause + Git to ignore these malicious names (CVE-2018-11235). + + Credit for finding this vulnerability and the proof of concept from + which the test script was adapted goes to Etienne Stalmans. + + * It was possible to trick the code that sanity-checks paths on NTFS + into reading random piece of memory (CVE-2018-11233). + +Credit for fixing for these bugs goes to Jeff King, Johannes +Schindelin and others. diff --git a/GIT-VERSION-GEN b/GIT-VERSION-GEN index 3db6830bed..1534654ffc 100755 --- a/GIT-VERSION-GEN +++ b/GIT-VERSION-GEN @@ -1,7 +1,7 @@ #!/bin/sh GVF=GIT-VERSION-FILE -DEF_VER=v2.13.6 +DEF_VER=v2.13.7 LF=' ' @@ -1 +1 @@ -Documentation/RelNotes/2.13.6.txt
\ No newline at end of file +Documentation/RelNotes/2.13.7.txt
\ No newline at end of file |