Repository 32bit  Forum
Repository 64bit  Wiki
Fri Jun 1 21:28:10 UTC 2018
patches/packages/git-2.14.4-i486-1_slack14.1.txz: Upgraded.
  This update fixes security issues:
  Submodule "names" come from the untrusted .gitmodules file, but we
  blindly append them to $GIT_DIR/modules to create our on-disk repo
  paths. This means you can do bad things by putting "../" into the
  name. We now enforce some rules for submodule names which will cause
  Git to ignore these malicious names (CVE-2018-11235).
  Credit for finding this vulnerability and the proof of concept from
  which the test script was adapted goes to Etienne Stalmans.
  It was possible to trick the code that sanity-checks paths on NTFS
  into reading random piece of memory (CVE-2018-11233).
  Credit for fixing for these bugs goes to Jeff King, Johannes
  Schindelin and others.
  For more information, see:
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11235
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11233
  (* Security fix *)