diff options
author | Patrick Steinhardt <ps@pks.im> | 2018-05-29 14:05:10 +0200 |
---|---|---|
committer | Patrick Steinhardt <ps@pks.im> | 2018-06-01 14:14:44 +0200 |
commit | ef5265e2d7c4a1e4ebf229f39ec825402f0a2c94 (patch) | |
tree | 6192ccb2def4c50260ed93f9cb4d06171d7acf85 | |
parent | ea55c77cf879016656627d5a4f652672667707af (diff) | |
download | libgit2-ef5265e2d7c4a1e4ebf229f39ec825402f0a2c94.tar.gz |
CHANGELOG: update for v0.26.4
-rw-r--r-- | CHANGELOG.md | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index ef5347c06..c52e6ce90 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,23 @@ +v0.26.4 +------- + +This is a security release fixing insufficient validation of submodule names +(CVE-2018-11235, reported by Etienne Stalmans) and disallows `.gitmodules` files +as symlinks. + +While submodule names come from the untrusted ".gitmodules" file, we blindly +append the name to "$GIT_DIR/modules" to construct the final path of the +submodule repository. In case the name contains e.g. "../", an adversary would +be able to escape your repository and write data at arbitrary paths. In +accordance with git, we now enforce some rules for submodule names which will +cause libgit2 to ignore these malicious names. + +Adding a symlink as `.gitmodules` into the index from the workdir or checking +out such files is not allowed as this can make a Git implementation write +outside of the repository and bypass the `fsck` checks for CVE-2018-11235. + +libgit2 is not susceptible to CVE-2018-11233. + v0.26.3 ------- |