Hello community,

here is the log from the commit of package git for openSUSE:Factory checked in 
at 2019-12-23 22:36:01
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/git (Old)
 and      /work/SRC/openSUSE:Factory/.git.new.6675 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "git"

Mon Dec 23 22:36:01 2019 rev:242 rq:755723 version:2.24.1

Changes:
--------
--- /work/SRC/openSUSE:Factory/git/git.changes  2019-12-07 15:23:08.047730922 
+0100
+++ /work/SRC/openSUSE:Factory/.git.new.6675/git.changes        2019-12-23 
22:38:04.977836947 +0100
@@ -1,0 +2,30 @@
+Wed Dec 11 06:37:34 UTC 2019 - Andreas Stieger <[email protected]>
+
+- git 2.24.1:
+  * CVE-2019-1348: The --export-marks option of fast-import is
+    exposed also via the in-stream command feature export-marks=...
+    and it allows overwriting arbitrary paths (boo#1158785)
+  * CVE-2019-1349: on Windows, when submodules are cloned
+    recursively, under certain circumstances Git could be fooled
+    into using the same Git directory twice (boo#1158787)
+  * CVE-2019-1350: Incorrect quoting of command-line arguments
+    allowed remote code execution during a recursive clone in
+    conjunction with SSH URLs (boo#1158788)
+  * CVE-2019-1351: on Windows mistakes drive letters outside of
+    the US-English alphabet as relative paths (boo#1158789)
+  * CVE-2019-1352: on Windows was unaware of NTFS Alternate Data
+    Streams (boo#1158790)
+  * CVE-2019-1353: when run in the Windows Subsystem for Linux
+    while accessing a working directory on a regular Windows
+    drive, none of the NTFS protections were active (boo#1158791)
+  * CVE-2019-1354: on Windows refuses to write tracked files with
+    filenames that contain backslashes (boo#1158792)
+  * CVE-2019-1387: Recursive clones vulnerability that is caused
+    by too-lax validation of submodule names, allowing very
+    targeted attacks via remote code execution in recursive
+    clones (boo#1158793)
+  * CVE-2019-19604: a recursive clone followed by a submodule
+    update could execute code contained within the repository
+    without the user explicitly having asked for that (boo#1158795)
+
+-------------------------------------------------------------------
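Review bot: the entries for CVE-2019-1351, CVE-2019-1352 and CVE-2019-1354 have lost their grammatical subject and are worded inconsistently with the rest of the list. "on Windows mistakes drive letters outside of the US-English alphabet as relative paths" and "on Windows was unaware of NTFS Alternate Data Streams" need "Git" as the subject and a single tense. The CVE-2019-1354 line ("on Windows refuses to write tracked files with filenames that contain backslashes") appears to state the new behaviour, whereas every other entry states the flaw. Suggest rewording each of the three to say what was wrong, for example "Git on Windows mistook drive letters ... for relative paths", so a reader scanning the changelog can tell the defect from the fix.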

Old:
----
  git-2.24.0.tar.sign
  git-2.24.0.tar.xz

New:
----
  git-2.24.1.tar.sign
  git-2.24.1.tar.xz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ git.spec ++++++
--- /var/tmp/diff_new_pack.RvjQmM/_old  2019-12-23 22:38:05.929837359 +0100
+++ /var/tmp/diff_new_pack.RvjQmM/_new  2019-12-23 22:38:05.937837363 +0100
@@ -32,7 +32,7 @@
 %endif
 
 Name:           git
-Version:        2.24.0
+Version:        2.24.1
 Release:        0
 Summary:        Fast, scalable, distributed revision control system
 License:        GPL-2.0-only

++++++ git-2.24.0.tar.xz -> git-2.24.1.tar.xz ++++++
++++ 2030 lines of diff (skipped)


