Overview
Request 755723 accepted
- git 2.24.1:
* CVE-2019-1348: The --export-marks option of fast-import is
exposed also via the in-stream command feature export-marks=...
and it allows overwriting arbitrary paths (boo#1158785)
* CVE-2019-1349: on Windows, when submodules are cloned
recursively, under certain circumstances Git could be fooled
into using the same Git directory twice (boo#1158787)
* CVE-2019-1350: Incorrect quoting of command-line arguments
allowed remote code execution during a recursive clone in
conjunction with SSH URLs (boo#1158788)
* CVE-2019-1351: on Windows mistakes drive letters outside of
the US-English alphabet as relative paths (boo#1158789)
* CVE-2019-1352: on Windows was unaware of NTFS Alternate Data
Streams (boo#1158790)
* CVE-2019-1353: when run in the Windows Subsystem for Linux
while accessing a working directory on a regular Windows
drive, none of the NTFS protections were active (boo#1158791)
* CVE-2019-1354: on Windows refuses to write tracked files with
filenames that contain backslashes (boo#1158792)
* CVE-2019-1387: Recursive clones vulnerability that is caused
by too-lax validation of submodule names, allowing very
targeted attacks via remote code execution in recursive
clones (boo#1158793)
* CVE-2019-19604: a recursive clone followed by a submodule
update could execute code contained within the repository
without the user explicitly having asked for that (boo#1158795)
- Created by AndreasStieger
- In state accepted
Request History
AndreasStieger created request
- git 2.24.1:
* CVE-2019-1348: The --export-marks option of fast-import is
exposed also via the in-stream command feature export-marks=...
and it allows overwriting arbitrary paths (boo#1158785)
* CVE-2019-1349: on Windows, when submodules are cloned
recursively, under certain circumstances Git could be fooled
into using the same Git directory twice (boo#1158787)
* CVE-2019-1350: Incorrect quoting of command-line arguments
allowed remote code execution during a recursive clone in
conjunction with SSH URLs (boo#1158788)
* CVE-2019-1351: on Windows mistakes drive letters outside of
the US-English alphabet as relative paths (boo#1158789)
* CVE-2019-1352: on Windows was unaware of NTFS Alternate Data
Streams (boo#1158790)
* CVE-2019-1353: when run in the Windows Subsystem for Linux
while accessing a working directory on a regular Windows
drive, none of the NTFS protections were active (boo#1158791)
* CVE-2019-1354: on Windows refuses to write tracked files with
filenames that contain backslashes (boo#1158792)
* CVE-2019-1387: Recursive clones vulnerability that is caused
by too-lax validation of submodule names, allowing very
targeted attacks via remote code execution in recursive
clones (boo#1158793)
* CVE-2019-19604: a recursive clone followed by a submodule
update could execute code contained within the repository
without the user explicitly having asked for that (boo#1158795)
factory-auto added opensuse-review-team as a reviewer
Please review sources
factory-auto accepted review
Check script succeeded
licensedigger accepted review
ok
dimstar_suse set openSUSE:Factory:Staging:C as a staging project
Being evaluated by staging project "openSUSE:Factory:Staging:C"
dimstar_suse accepted review
Picked "openSUSE:Factory:Staging:C"
dimstar accepted review
dimstar_suse accepted review
Staging Project openSUSE:Factory:Staging:C got accepted.
dimstar_suse approved review
Staging Project openSUSE:Factory:Staging:C got accepted.
dimstar_suse accepted request
Staging Project openSUSE:Factory:Staging:C got accepted.