Upstream security fixes related to .gitmodules handling. From the upstream announcement:
* Submodule "names" come from the untrusted .gitmodules file, but we blindly append them to $GIT_DIR/modules to create our on-disk repo paths. This means you can do bad things by putting "../" into the name. We now enforce some rules for submodule names which will cause Git to ignore these malicious names (CVE-2018-11235). Credit for finding this vulnerability and the proof of concept from which the test script was adapted goes to Etienne Stalmans. * It was possible to trick the code that sanity-checks paths on NTFS into reading random piece of memory (CVE-2018-11233).
Also fix a segfault in rev-parse with invalid input (#1581678) and install contrib/diff-highlight (#1550251).
Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:
sudo dnf upgrade --refresh --advisory=FEDORA-2018-080a3d7866
Please login to add feedback.