merge(third_party/git): Merge squashed git subtree at v2.23.0
Merge commit '1b593e1ea4' as 'third_party/git'
This commit is contained in:
Vincent Ambo
commit
7ef0d62730
3629 changed files with 1139935 additions and 0 deletions
16
third_party/git/Documentation/RelNotes/2.14.5.txt
vendored
Normal file
16
third_party/git/Documentation/RelNotes/2.14.5.txt
vendored
Normal file
|
|
@ -0,0 +1,16 @@
|
|||
Git v2.14.5 Release Notes
|
||||
=========================
|
||||
|
||||
This release is to address the recently reported CVE-2018-17456.
|
||||
|
||||
Fixes since v2.14.4
|
||||
-------------------
|
||||
|
||||
* Submodules' "URL"s come from the untrusted .gitmodules file, but
|
||||
we blindly gave it to "git clone" to clone submodules when "git
|
||||
clone --recurse-submodules" was used to clone a project that has
|
||||
such a submodule. The code has been hardened to reject such
|
||||
malformed URLs (e.g. one that begins with a dash).
|
||||
|
||||
Credit for finding and fixing this vulnerability goes to joernchen
|
||||
and Jeff King, respectively.
|
||||
Loading…
Add table
Add a link
Reference in a new issue