Git 2.17.6
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
This commit is contained in:
Johannes Schindelin
16
Documentation/RelNotes/2.17.6.txt
Normal file
16
Documentation/RelNotes/2.17.6.txt
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
Git v2.17.6 Release Notes
|
||||||
|
=========================
|
||||||
|
|
||||||
|
This release addresses the security issues CVE-2021-21300.
|
||||||
|
|
||||||
|
Fixes since v2.17.5
|
||||||
|
-------------------
|
||||||
|
|
||||||
|
* CVE-2021-21300:
|
||||||
|
On case-insensitive file systems with support for symbolic links,
|
||||||
|
if Git is configured globally to apply delay-capable clean/smudge
|
||||||
|
filters (such as Git LFS), Git could be fooled into running
|
||||||
|
remote code during a clone.
|
||||||
|
|
||||||
|
Credit for finding and fixing this vulnerability goes to Matheus
|
||||||
|
Tavares, helped by Johannes Schindelin.
|
||||||
@ -1,7 +1,7 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
GVF=GIT-VERSION-FILE
|
GVF=GIT-VERSION-FILE
|
||||||
DEF_VER=v2.17.5
|
DEF_VER=v2.17.6
|
||||||
|
|
||||||
LF='
|
LF='
|
||||||
'
|
'
|
||||||
|
|||||||
Reference in New Issue
Block a user