diff options
author | Junio C Hamano <gitster@pobox.com> | 2018-09-27 21:41:02 +0300 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2018-09-27 21:41:02 +0300 |
commit | e43aab778c72250e11eb00e31dc6be90072a1637 (patch) | |
tree | 5d798093eb539e50820241325edb45c745c99916 /Documentation | |
parent | fc54c1af3ec09bab8b8ea09768c2da4069b7f53e (diff) | |
parent | 27d05d1a1a62273aa3749f4d0ab8a126ef11ff66 (diff) |
Sync with 2.16.5
* maint-2.16:
Git 2.16.5
Git 2.15.3
Git 2.14.5
submodule-config: ban submodule paths that start with a dash
submodule-config: ban submodule urls that start with dash
submodule--helper: use "--" to signal end of clone options
Diffstat (limited to 'Documentation')
-rw-r--r-- | Documentation/RelNotes/2.14.5.txt | 16 | ||||
-rw-r--r-- | Documentation/RelNotes/2.15.3.txt | 6 | ||||
-rw-r--r-- | Documentation/RelNotes/2.16.5.txt | 6 |
3 files changed, 28 insertions, 0 deletions
diff --git a/Documentation/RelNotes/2.14.5.txt b/Documentation/RelNotes/2.14.5.txt new file mode 100644 index 0000000000..130645fb29 --- /dev/null +++ b/Documentation/RelNotes/2.14.5.txt @@ -0,0 +1,16 @@ +Git v2.14.5 Release Notes +========================= + +This release is to address the recently reported CVE-2018-17456. + +Fixes since v2.14.4 +------------------- + + * Submodules' "URL"s come from the untrusted .gitmodules file, but + we blindly gave it to "git clone" to clone submodules when "git + clone --recurse-submodules" was used to clone a project that has + such a submodule. The code has been hardened to reject such + malformed URLs (e.g. one that begins with a dash). + +Credit for finding and fixing this vulnerability goes to joernchen +and Jeff King, respectively. diff --git a/Documentation/RelNotes/2.15.3.txt b/Documentation/RelNotes/2.15.3.txt new file mode 100644 index 0000000000..fd2e6f8df7 --- /dev/null +++ b/Documentation/RelNotes/2.15.3.txt @@ -0,0 +1,6 @@ +Git v2.15.3 Release Notes +========================= + +This release merges up the fixes that appear in v2.14.5 to address +the recently reported CVE-2018-17456; see the release notes for that +version for details. diff --git a/Documentation/RelNotes/2.16.5.txt b/Documentation/RelNotes/2.16.5.txt new file mode 100644 index 0000000000..cb8ee02a9a --- /dev/null +++ b/Documentation/RelNotes/2.16.5.txt @@ -0,0 +1,6 @@ +Git v2.16.5 Release Notes +========================= + +This release merges up the fixes that appear in v2.14.5 to address +the recently reported CVE-2018-17456; see the release notes for that +version for details. |