about summary refs log tree commit diff
path: root/third_party/git/Documentation/RelNotes/2.13.7.txt
diff options
context:
space:
mode:
Diffstat (limited to 'third_party/git/Documentation/RelNotes/2.13.7.txt')
-rw-r--r--third_party/git/Documentation/RelNotes/2.13.7.txt20
1 files changed, 0 insertions, 20 deletions
diff --git a/third_party/git/Documentation/RelNotes/2.13.7.txt b/third_party/git/Documentation/RelNotes/2.13.7.txt
deleted file mode 100644
index 09fc01406c7c..000000000000
--- a/third_party/git/Documentation/RelNotes/2.13.7.txt
+++ /dev/null
@@ -1,20 +0,0 @@
-Git v2.13.7 Release Notes
-=========================
-
-Fixes since v2.13.6
--------------------
-
- * Submodule "names" come from the untrusted .gitmodules file, but we
-   blindly append them to $GIT_DIR/modules to create our on-disk repo
-   paths. This means you can do bad things by putting "../" into the
-   name. We now enforce some rules for submodule names which will cause
-   Git to ignore these malicious names (CVE-2018-11235).
-
-   Credit for finding this vulnerability and the proof of concept from
-   which the test script was adapted goes to Etienne Stalmans.
-
- * It was possible to trick the code that sanity-checks paths on NTFS
-   into reading random piece of memory (CVE-2018-11233).
-
-Credit for fixing for these bugs goes to Jeff King, Johannes
-Schindelin and others.