CVSROOT: /cvs
Module name: ports
Changes by: [email protected] 2017/09/27 09:06:08
Modified files:
devel/git : Makefile distinfo
devel/git/patches: patch-Makefile patch-gitweb_gitweb_perl
patch-t_test-lib_sh
Removed files:
devel/git/patches: patch-t_t0001-init_sh
patch-t_t4062-diff-pickaxe_sh
patch-t_t7004-tag_sh
Log message:
Security update to git-2.14.2
The `git` subcommand `cvsserver` is a Perl script which makes excessive
use of the backtick operator to invoke `git`. Unfortunately user input
is used within some of those invocations.
http://seclists.org/oss-sec/2017/q3/att-534/git_cvsserver.txt
ok benoit@ (maintainer), "Fix should go in" sthen@
