freshlybakedca.ke / git
Git fork
fork atom
git / Documentation / RelNotes / 2.14.6.adoc
at reftables-rust 54 lines 2.1 kB view raw
brian m. carlson doc: use .adoc extension for AsciiDoc files
1f010d6b
1Git v2.14.6 Release Notes 2========================= 3 4This release addresses the security issues CVE-2019-1348, 5CVE-2019-1349, CVE-2019-1350, CVE-2019-1351, CVE-2019-1352, 6CVE-2019-1353, CVE-2019-1354, and CVE-2019-1387. 7 8Fixes since v2.14.5 9------------------- 10 11 * CVE-2019-1348: 12 The --export-marks option of git fast-import is exposed also via 13 the in-stream command feature export-marks=... and it allows 14 overwriting arbitrary paths. 15 16 * CVE-2019-1349: 17 When submodules are cloned recursively, under certain circumstances 18 Git could be fooled into using the same Git directory twice. We now 19 require the directory to be empty. 20 21 * CVE-2019-1350: 22 Incorrect quoting of command-line arguments allowed remote code 23 execution during a recursive clone in conjunction with SSH URLs. 24 25 * CVE-2019-1351: 26 While the only permitted drive letters for physical drives on 27 Windows are letters of the US-English alphabet, this restriction 28 does not apply to virtual drives assigned via subst <letter>: 29 <path>. Git mistook such paths for relative paths, allowing writing 30 outside of the worktree while cloning. 31 32 * CVE-2019-1352: 33 Git was unaware of NTFS Alternate Data Streams, allowing files 34 inside the .git/ directory to be overwritten during a clone. 35 36 * CVE-2019-1353: 37 When running Git in the Windows Subsystem for Linux (also known as 38 "WSL") while accessing a working directory on a regular Windows 39 drive, none of the NTFS protections were active. 40 41 * CVE-2019-1354: 42 Filenames on Linux/Unix can contain backslashes. On Windows, 43 backslashes are directory separators. Git did not use to refuse to 44 write out tracked files with such filenames. 45 46 * CVE-2019-1387: 47 Recursive clones are currently affected by a vulnerability that is 48 caused by too-lax validation of submodule names, allowing very 49 targeted attacks via remote code execution in recursive clones. 50 51Credit for finding these vulnerabilities goes to Microsoft Security 52Response Center, in particular to Nicolas Joly. The `fast-import` 53fixes were provided by Jeff King, the other fixes by Johannes 54Schindelin with help from Garima Singh.