Sync with 2.36.6
* maint-2.36: (30 commits) Git 2.36.6 Git 2.35.8 Git 2.34.8 Git 2.33.8 Git 2.32.7 Git 2.31.8 tests: avoid using `test_i18ncmp` Git 2.30.9 gettext: avoid using gettext if the locale dir is not present apply --reject: overwrite existing `.rej` symlink if it exists http.c: clear the 'finished' member once we are done with it clone.c: avoid "exceeds maximum object size" error with GCC v12.x range-diff: use ssize_t for parsed "len" in read_patches() range-diff: handle unterminated lines in read_patches() range-diff: drop useless "offset" variable from read_patches() t5604: GETTEXT_POISON fix, conclusion t5604: GETTEXT_POISON fix, part 1 t5619: GETTEXT_POISON fix t0003: GETTEXT_POISON fix, conclusion t0003: GETTEXT_POISON fix, part 1 t0033: GETTEXT_POISON fix ...
This commit is contained in:
Johannes Schindelin
43
Documentation/RelNotes/2.30.9.txt
Normal file
43
Documentation/RelNotes/2.30.9.txt
Normal file
@ -0,0 +1,43 @@
|
||||
Git v2.30.9 Release Notes
|
||||
=========================
|
||||
|
||||
This release addresses the security issues CVE-2023-25652,
|
||||
CVE-2023-25815, and CVE-2023-29007.
|
||||
|
||||
|
||||
Fixes since v2.30.8
|
||||
-------------------
|
||||
|
||||
* CVE-2023-25652:
|
||||
|
||||
By feeding specially crafted input to `git apply --reject`, a
|
||||
path outside the working tree can be overwritten with partially
|
||||
controlled contents (corresponding to the rejected hunk(s) from
|
||||
the given patch).
|
||||
|
||||
* CVE-2023-25815:
|
||||
|
||||
When Git is compiled with runtime prefix support and runs without
|
||||
translated messages, it still used the gettext machinery to
|
||||
display messages, which subsequently potentially looked for
|
||||
translated messages in unexpected places. This allowed for
|
||||
malicious placement of crafted messages.
|
||||
|
||||
* CVE-2023-29007:
|
||||
|
||||
When renaming or deleting a section from a configuration file,
|
||||
certain malicious configuration values may be misinterpreted as
|
||||
the beginning of a new configuration section, leading to arbitrary
|
||||
configuration injection.
|
||||
|
||||
Credit for finding CVE-2023-25652 goes to Ry0taK, and the fix was
|
||||
developed by Taylor Blau, Junio C Hamano and Johannes Schindelin,
|
||||
with the help of Linus Torvalds.
|
||||
|
||||
Credit for finding CVE-2023-25815 goes to Maxime Escourbiac and
|
||||
Yassine BENGANA of Michelin, and the fix was developed by Johannes
|
||||
Schindelin.
|
||||
|
||||
Credit for finding CVE-2023-29007 goes to André Baptista and Vítor Pinho
|
||||
of Ethiack, and the fix was developed by Taylor Blau, and Johannes
|
||||
Schindelin, with help from Jeff King, and Patrick Steinhardt.
|
||||
6
Documentation/RelNotes/2.31.8.txt
Normal file
6
Documentation/RelNotes/2.31.8.txt
Normal file
@ -0,0 +1,6 @@
|
||||
Git v2.31.8 Release Notes
|
||||
=========================
|
||||
|
||||
This release merges the fixes that appear in v2.30.9 to address the
|
||||
security issues CVE-2023-25652, CVE-2023-25815, and CVE-2023-29007;
|
||||
see the release notes for that version for details.
|
||||
7
Documentation/RelNotes/2.32.7.txt
Normal file
7
Documentation/RelNotes/2.32.7.txt
Normal file
@ -0,0 +1,7 @@
|
||||
Git v2.32.7 Release Notes
|
||||
=========================
|
||||
|
||||
This release merges the fixes that appear in v2.30.9 and v2.31.8 to
|
||||
address the security issues CVE-2023-25652, CVE-2023-25815, and
|
||||
CVE-2023-29007; see the release notes for these versions for
|
||||
details.
|
||||
7
Documentation/RelNotes/2.33.8.txt
Normal file
7
Documentation/RelNotes/2.33.8.txt
Normal file
@ -0,0 +1,7 @@
|
||||
Git v2.33.8 Release Notes
|
||||
=========================
|
||||
|
||||
This release merges the fixes that appear in v2.30.9, v2.31.8 and
|
||||
v2.32.7 to address the security issues CVE-2023-25652,
|
||||
CVE-2023-25815, and CVE-2023-29007; see the release notes for these
|
||||
versions for details.
|
||||
7
Documentation/RelNotes/2.34.8.txt
Normal file
7
Documentation/RelNotes/2.34.8.txt
Normal file
@ -0,0 +1,7 @@
|
||||
Git v2.34.8 Release Notes
|
||||
=========================
|
||||
|
||||
This release merges the fixes that appear in v2.30.9, v2.31.8,
|
||||
v2.32.7 and v2.33.8 to address the security issues CVE-2023-25652,
|
||||
CVE-2023-25815, and CVE-2023-29007; see the release notes for these
|
||||
versions for details.
|
||||
7
Documentation/RelNotes/2.35.8.txt
Normal file
7
Documentation/RelNotes/2.35.8.txt
Normal file
@ -0,0 +1,7 @@
|
||||
Git v2.35.8 Release Notes
|
||||
=========================
|
||||
|
||||
This release merges the fixes that appear in v2.30.9, v2.31.8,
|
||||
v2.32.7, v2.33.8 and v2.34.8 to address the security issues
|
||||
CVE-2023-25652, CVE-2023-25815, and CVE-2023-29007; see the release
|
||||
notes for these versions for details.
|
||||
7
Documentation/RelNotes/2.36.6.txt
Normal file
7
Documentation/RelNotes/2.36.6.txt
Normal file
@ -0,0 +1,7 @@
|
||||
Git v2.36.6 Release Notes
|
||||
=========================
|
||||
|
||||
This release merges the fixes that appear in v2.30.9, v2.31.8,
|
||||
v2.32.7, v2.33.8, v2.34.8 and v2.35.8 to address the security issues
|
||||
CVE-2023-25652, CVS-2023-25815, and CVE-2023-29007; see the release
|
||||
notes for these versions for details.
|
||||
Reference in New Issue
Block a user