Git 2.13.7

Signed-off-by: N Junio C Hamano <gitster@pobox.com>

Git 2.13.7
Signed-off-by: N Junio C Hamano <gitster@pobox.com>
0114f713 · Junio C Hamano · 8528c31d · 0114f713 · 0114f713 · 0114f713
隐藏空白更改
内联并排

Showing with 22 addition and 2 deletion

Documentation/RelNotes/2.13.7.txt Documentation/RelNotes/2.13.7.txt +20 -0

GIT-VERSION-GEN GIT-VERSION-GEN +1 -1

RelNotes RelNotes +1 -1

未找到文件。
--- a/Documentation/RelNotes/2.13.7.txt
+++ b/Documentation/RelNotes/2.13.7.txt
+Git v2.13.7 Release Notes
+=========================
+
+Fixes since v2.13.6
+-------------------
+
+ * Submodule "names" come from the untrusted .gitmodules file, but we
+   blindly append them to $GIT_DIR/modules to create our on-disk repo
+   paths. This means you can do bad things by putting "../" into the
+   name. We now enforce some rules for submodule names which will cause
+   Git to ignore these malicious names (CVE-2018-11235).
+
+   Credit for finding this vulnerability and the proof of concept from
+   which the test script was adapted goes to Etienne Stalmans.
+
+ * It was possible to trick the code that sanity-checks paths on NTFS
+   into reading random piece of memory (CVE-2018-11233).
+
+Credit for fixing for these bugs goes to Jeff King, Johannes
+Schindelin and others.
--- a/GIT-VERSION-GEN
+++ b/GIT-VERSION-GEN
 #!/bin/sh

 GVF=GIT-VERSION-FILE
-DEF_VER=v2.13.6
+DEF_VER=v2.13.7

 LF='
 '

--- a/RelNotes
+++ b/RelNotes
-Documentation/RelNotes/2.13.6.txt
\ No newline at end of file
+Documentation/RelNotes/2.13.7.txt
\ No newline at end of file