Git v2.20.2 Release Notes ========================= This release merges up the fixes that appear in v2.14.6, v2.15.4 and in v2.17.3, addressing the security issues CVE-2019-1348, CVE-2019-1349, CVE-2019-1350, CVE-2019-1351, CVE-2019-1352, CVE-2019-1353, CVE-2019-1354, and CVE-2019-1387; see the release notes for those versions for details. The change to disallow `submodule.<name>.update=!command` entries in `.gitmodules` which was introduced v2.15.4 (and for which v2.17.3 added explicit fsck checks) fixes the vulnerability in v2.20.x where a recursive clone followed by a submodule update could execute code contained within the repository without the user explicitly having asked for that (CVE-2019-19604). Credit for finding this vulnerability goes to Joern Schneeweisz, credit for the fixes goes to Jonathan Nieder.
distrib
>
Mageia
>
7
>
armv7hl
>
media
>
core-updates
>
by-pkgid
>
0a98a65a8e8e1f489f92eeb1568b957e
>
files
>
654
