debian: apply security fixes from 2.24.1
[git/debian.git] / debian / patches / 0028-Git-2.14.6.diff
blob 8e5ae06b2320ef79040148612897d5355092ce4d
1 From fcbe863c30a5c0d9ff7555b1edc5bbfc6f7d1d49 Mon Sep 17 00:00:00 2001
2 From: Johannes Schindelin <johannes.schindelin@gmx.de>
3 Date: Wed, 4 Dec 2019 19:58:46 +0100
4 Subject: Git 2.14.6
6 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
7 (cherry picked from commit 66d2a6159f511924e7e0b8a21c93538879bfd622)
8 Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
9 ---
10 Documentation/RelNotes/2.14.6.txt | 54 +++++++++++++++++++++++++++++++
11 1 file changed, 54 insertions(+)
12 create mode 100644 Documentation/RelNotes/2.14.6.txt
14 diff --git a/Documentation/RelNotes/2.14.6.txt b/Documentation/RelNotes/2.14.6.txt
15 new file mode 100644
16 index 0000000000..72b7af6799
17 --- /dev/null
18 +++ b/Documentation/RelNotes/2.14.6.txt
19 @@ -0,0 +1,54 @@
20 +Git v2.14.6 Release Notes
21 +=========================
23 +This release addresses the security issues CVE-2019-1348,
24 +CVE-2019-1349, CVE-2019-1350, CVE-2019-1351, CVE-2019-1352,
25 +CVE-2019-1353, CVE-2019-1354, and CVE-2019-1387.
27 +Fixes since v2.14.5
28 +-------------------
30 + * CVE-2019-1348:
31 + The --export-marks option of git fast-import is exposed also via
32 + the in-stream command feature export-marks=... and it allows
33 + overwriting arbitrary paths.
35 + * CVE-2019-1349:
36 + When submodules are cloned recursively, under certain circumstances
37 + Git could be fooled into using the same Git directory twice. We now
38 + require the directory to be empty.
40 + * CVE-2019-1350:
41 + Incorrect quoting of command-line arguments allowed remote code
42 + execution during a recursive clone in conjunction with SSH URLs.
44 + * CVE-2019-1351:
45 + While the only permitted drive letters for physical drives on
46 + Windows are letters of the US-English alphabet, this restriction
47 + does not apply to virtual drives assigned via subst <letter>:
48 + <path>. Git mistook such paths for relative paths, allowing writing
49 + outside of the worktree while cloning.
51 + * CVE-2019-1352:
52 + Git was unaware of NTFS Alternate Data Streams, allowing files
53 + inside the .git/ directory to be overwritten during a clone.
55 + * CVE-2019-1353:
56 + When running Git in the Windows Subsystem for Linux (also known as
57 + "WSL") while accessing a working directory on a regular Windows
58 + drive, none of the NTFS protections were active.
60 + * CVE-2019-1354:
61 + Filenames on Linux/Unix can contain backslashes. On Windows,
62 + backslashes are directory separators. Git did not use to refuse to
63 + write out tracked files with such filenames.
65 + * CVE-2019-1387:
66 + Recursive clones are currently affected by a vulnerability that is
67 + caused by too-lax validation of submodule names, allowing very
68 + targeted attacks via remote code execution in recursive clones.
70 +Credit for finding these vulnerabilities goes to Microsoft Security
71 +Response Center, in particular to Nicolas Joly. The `fast-import`
72 +fixes were provided by Jeff King, the other fixes by Johannes
73 +Schindelin with help from Garima Singh.
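Review bot: The CVE-2019-1387 entry near the end of the list is worded as if the bug were still open ("Recursive clones are currently affected by a vulnerability ...") and never says what this release changes, which reads oddly under a "Fixes since v2.14.5" heading. The CVE-2019-1349 entry shows the better pattern by closing with the new behaviour ("We now require the directory to be empty"). I would put the 1387 entry in the past tense and add one sentence on the resulting behaviour. The same applies to the 1348 and 1350 through 1354 entries, which describe the flaw only, so an administrator cannot tell from these notes what Git now refuses or does differently. Minor wording: "Git did not use to refuse to write out" in the CVE-2019-1354 entry would be clearer as "Git previously did not refuse to write out".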
74 --
75 2.24.0.393.g34dc348eaf