| From afdc7c3c9874522c09de39680a6550b086f60a78 Mon Sep 17 00:00:00 2001 |
| From: Johannes Schindelin <johannes.schindelin@gmx.de> |
| Date: Wed, 4 Dec 2019 22:33:15 +0100 |
| Subject: Git 2.20.2 |
| |
| Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| (cherry picked from commit 4cd1cf31efed9b16db5035c377bfa222f5272458) |
| Signed-off-by: Jonathan Nieder <jrnieder@gmail.com> |
| --- |
| Documentation/RelNotes/2.20.2.txt | 18 ++++++++++++++++++ |
| GIT-VERSION-GEN | 2 +- |
| 2 files changed, 19 insertions(+), 1 deletion(-) |
| create mode 100644 Documentation/RelNotes/2.20.2.txt |
| |
| diff --git a/Documentation/RelNotes/2.20.2.txt b/Documentation/RelNotes/2.20.2.txt |
| new file mode 100644 |
| index 0000000000..8e680cb9fb |
| --- /dev/null |
| +++ b/Documentation/RelNotes/2.20.2.txt |
| @@ -0,0 +1,18 @@ |
| +Git v2.20.2 Release Notes |
| +========================= |
| + |
| +This release merges up the fixes that appear in v2.14.6, v2.15.4 |
| +and in v2.17.3, addressing the security issues CVE-2019-1348, |
| +CVE-2019-1349, CVE-2019-1350, CVE-2019-1351, CVE-2019-1352, |
| +CVE-2019-1353, CVE-2019-1354, and CVE-2019-1387; see the release notes |
| +for those versions for details. |
| + |
| +The change to disallow `submodule.<name>.update=!command` entries in |
| +`.gitmodules` which was introduced v2.15.4 (and for which v2.17.3 |
| +added explicit fsck checks) fixes the vulnerability in v2.20.x where a |
| +recursive clone followed by a submodule update could execute code |
| +contained within the repository without the user explicitly having |
| +asked for that (CVE-2019-19604). |
| + |
| +Credit for finding this vulnerability goes to Joern Schneeweisz, |
| +credit for the fixes goes to Jonathan Nieder. |
| diff --git a/GIT-VERSION-GEN b/GIT-VERSION-GEN |
| index d1a2814ec7..492f3480f0 100755 |
| --- a/GIT-VERSION-GEN |
| +++ b/GIT-VERSION-GEN |
| @@ -1,7 +1,7 @@ |
| #!/bin/sh |
| |
| GVF=GIT-VERSION-FILE |
| -DEF_VER=v2.20.1 |
| +DEF_VER=v2.20.2 |
| |
| LF=' |
| ' |
| -- |
| 2.26.0.292.g33ef6b2f38 |
| |