Git 2.20.2
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
This commit is contained in:
Johannes Schindelin
18
Documentation/RelNotes/2.20.2.txt
Normal file
18
Documentation/RelNotes/2.20.2.txt
Normal file
@ -0,0 +1,18 @@
|
|||||||
|
Git v2.20.2 Release Notes
|
||||||
|
=========================
|
||||||
|
|
||||||
|
This release merges up the fixes that appear in v2.14.6, v2.15.4
|
||||||
|
and in v2.17.3, addressing the security issues CVE-2019-1348,
|
||||||
|
CVE-2019-1349, CVE-2019-1350, CVE-2019-1351, CVE-2019-1352,
|
||||||
|
CVE-2019-1353, CVE-2019-1354, and CVE-2019-1387; see the release notes
|
||||||
|
for those versions for details.
|
||||||
|
|
||||||
|
The change to disallow `submodule.<name>.update=!command` entries in
|
||||||
|
`.gitmodules` which was introduced v2.15.4 (and for which v2.17.3
|
||||||
|
added explicit fsck checks) fixes the vulnerability in v2.20.x where a
|
||||||
|
recursive clone followed by a submodule update could execute code
|
||||||
|
contained within the repository without the user explicitly having
|
||||||
|
asked for that (CVE-2019-19604).
|
||||||
|
|
||||||
|
Credit for finding this vulnerability goes to Joern Schneeweisz,
|
||||||
|
credit for the fixes goes to Jonathan Nieder.
|
||||||
@ -1,7 +1,7 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
GVF=GIT-VERSION-FILE
|
GVF=GIT-VERSION-FILE
|
||||||
DEF_VER=v2.20.1
|
DEF_VER=v2.20.2
|
||||||
|
|
||||||
LF='
|
LF='
|
||||||
'
|
'
|
||||||
|
|||||||
Reference in New Issue
Block a user