diff options
Diffstat (limited to 'third_party/git/Documentation/RelNotes/2.13.7.txt')
| -rw-r--r-- | third_party/git/Documentation/RelNotes/2.13.7.txt | 20 |
1 files changed, 0 insertions, 20 deletions
diff --git a/third_party/git/Documentation/RelNotes/2.13.7.txt b/third_party/git/Documentation/RelNotes/2.13.7.txt deleted file mode 100644 index 09fc01406c..0000000000 --- a/third_party/git/Documentation/RelNotes/2.13.7.txt +++ /dev/null @@ -1,20 +0,0 @@ -Git v2.13.7 Release Notes -========================= - -Fixes since v2.13.6 -------------------- - - * Submodule "names" come from the untrusted .gitmodules file, but we - blindly append them to $GIT_DIR/modules to create our on-disk repo - paths. This means you can do bad things by putting "../" into the - name. We now enforce some rules for submodule names which will cause - Git to ignore these malicious names (CVE-2018-11235). - - Credit for finding this vulnerability and the proof of concept from - which the test script was adapted goes to Etienne Stalmans. - - * It was possible to trick the code that sanity-checks paths on NTFS - into reading random piece of memory (CVE-2018-11233). - -Credit for fixing for these bugs goes to Jeff King, Johannes -Schindelin and others. |