====== Slackware-14.1 ChangeLog (2018-06-01) ======

====== Fri Jun 1 21:28:10 UTC 2018 ======

===== Packages =====

==== Upgraded ====

  * [[slackware.14.1>patches/packages/git-2.14.4-i486-1_slack14.1.txz]] \\ This update fixes security issues: \\ Submodule "names" come from the untrusted .gitmodules file, but we \\ blindly append them to $GIT_DIR/modules to create our on-disk repo \\ paths. This means you can do bad things by putting "../" into the \\ name. We now enforce some rules for submodule names which will cause \\ Git to ignore these malicious names (CVE-2018-11235). \\ Credit for finding this vulnerability and the proof of concept from \\ which the test script was adapted goes to Etienne Stalmans. \\ It was possible to trick the code that sanity-checks paths on NTFS \\ into reading a random piece of memory (CVE-2018-11233). \\ Credit for fixing these bugs goes to Jeff King, Johannes \\ Schindelin and others. \\ For more information, see: \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11235 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11233 \\ (* Security fix *)

{{tag>slackware changelog slackware-14.1 2018-06}}

Last modified: 8 months ago by Giuseppe Di Terlizzi
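An added example (not code from Git or Slackware) of auditing a .gitmodules file for the kind of submodule name the CVE-2018-11235 entry describes. It assumes the rule "a name must be non-empty and must not contain ".." as a path component"; the function names and the sample file are constructed for illustration.

```python
import re

# Section header of a .gitmodules file: [submodule "<name>"]
_HEADER = re.compile(r'^\s*\[\s*submodule\s+"((?:[^"\\]|\\.)*)"\s*\]')


def submodule_names(gitmodules_text):
    """Yield every submodule name declared in the text, with escapes removed."""
    for line in gitmodules_text.splitlines():
        match = _HEADER.match(line)
        if match:
            # Quoted subsection names escape '"' and '\' with a backslash.
            yield re.sub(r'\\(.)', r'\1', match.group(1))


def is_safe_name(name):
    """Assumed rule: non-empty, and no '..' path component."""
    if not name:
        return False
    # Split on '/' and '\' so the check holds on Windows-style paths too.
    return ".." not in re.split(r'[/\\]', name)


def audit(gitmodules_text):
    """Return the submodule names that fail the check, in file order."""
    return [n for n in submodule_names(gitmodules_text) if not is_safe_name(n)]


# Constructed sample input; not taken from any real repository.
SAMPLE = r'''
[submodule "libs/zlib"]
	path = libs/zlib
	url = https://example.com/zlib.git
[submodule "../../outside"]
	path = vendor/outside
	url = https://example.com/outside.git
[submodule "docs..v2"]
	path = docs
	url = https://example.com/docs.git
[submodule "a\\..\\b"]
	path = vendor/b
	url = https://example.com/b.git
'''

if __name__ == "__main__":
    for bad in audit(SAMPLE):
        print("rejected submodule name:", repr(bad))
```

A name such as docs..v2 passes because ".." is only rejected when it forms a whole path component.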