Show pageOld revisionsBacklinksBack to top This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. ====== Slackware-13.37 ChangeLog (2017-08-11) ====== ====== Fri Aug 11 23:02:43 UTC 2017 ====== ===== Packages ===== ==== Upgraded ==== * [[slackware.13.37>patches/packages/git-2.14.1-i486-1_slack13.37.txz]] \\ Fixes security issues: \\ A "ssh://..." URL can result in a "ssh" command line with a hostname that \\ begins with a dash "-", which would cause the "ssh" command to instead \\ (mis)treat it as an option. This is now prevented by forbidding such a \\ hostname (which should not impact any real-world usage). \\ Similarly, when GIT_PROXY_COMMAND is configured, the command is run with \\ host and port that are parsed out from "ssh://..." URL; a poorly written \\ GIT_PROXY_COMMAND could be tricked into treating a string that begins with a \\ dash "-" as an option. This is now prevented by forbidding such a hostname \\ and port number (again, which should not impact any real-world usage). \\ For more information, see: \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000117 \\ (* Security fix *) {{tag>slackware changelog slackware-13.37 2017-08}} news/2017/08/11/slackware-13.37-changelog.txt Last modified: 12 months agoby Giuseppe Di Terlizzi Log In