Documentation/RelNotes/2.20.2.adoc at reftables-rust

freshlybakedca.ke / git

fork atom

Git fork

fork atom

git / Documentation / RelNotes / 2.20.2.adoc

at reftables-rust 18 lines 828 B view raw

wrap content

brian m. carlson doc: use .adoc extension for AsciiDoc files 1y ago

1f010d6b

 1Git v2.20.2 Release Notes
 2=========================
 3
 4This release merges up the fixes that appear in v2.14.6, v2.15.4
 5and in v2.17.3, addressing the security issues CVE-2019-1348,
 6CVE-2019-1349, CVE-2019-1350, CVE-2019-1351, CVE-2019-1352,
 7CVE-2019-1353, CVE-2019-1354, and CVE-2019-1387; see the release notes
 8for those versions for details.
 9
10The change to disallow `submodule.<name>.update=!command` entries in
11`.gitmodules` which was introduced v2.15.4 (and for which v2.17.3
12added explicit fsck checks) fixes the vulnerability in v2.20.x where a
13recursive clone followed by a submodule update could execute code
14contained within the repository without the user explicitly having
15asked for that (CVE-2019-19604).
16
17Credit for finding this vulnerability goes to Joern Schneeweisz,
18credit for the fixes goes to Jonathan Nieder.