Security update for git-annex
This update for git-annex to version 6.20180626 fixes the following issues:
- CVE-2018-10857: Prevent file content disclosure by refusing to download
content that cannot be verified with a hash, from encrypted special remotes and
glacier (bsc#1098062).
- CVE-2018-10859: Prevent local gpg encrypted file disclosure by refusing to
download content that cannot be verified with a hash, from encrypted special
remotes (bsc#1098364).
This update brings many other bug fixes and new features.
http://hackage.haskell.org/package/git-annex-6.20180626/changelog
has a detailed list of changes.
-
Submitted by
Peter Simons (psimons)
Fixed bugs
bnc#1098364
VUL-0: CVE-2018-10859: git-annex: local gpg encrypted file disclosure
bnc#1098062
VUL-0: CVE-2018-10857: git-annex: file content disclosure
