diff --git a/git-2.24.0.tar.sign b/git-2.24.0.tar.sign deleted file mode 100644 index ff5fe56..0000000 Binary files a/git-2.24.0.tar.sign and /dev/null differ diff --git a/git-2.24.0.tar.xz b/git-2.24.0.tar.xz deleted file mode 100644 index d09ce87..0000000 --- a/git-2.24.0.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:9f71d61973626d8b28c4cdf8e2484b4bf13870ed643fed982d68b2cfd754371b -size 5766056 diff --git a/git-2.24.1.tar.sign b/git-2.24.1.tar.sign new file mode 100644 index 0000000..5a52dc3 Binary files /dev/null and b/git-2.24.1.tar.sign differ diff --git a/git-2.24.1.tar.xz b/git-2.24.1.tar.xz new file mode 100644 index 0000000..5cf5748 --- /dev/null +++ b/git-2.24.1.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:723f24dce8fdd621a308b6187553fce7d5244205c065fe0a3aebd0b7c3f88562 +size 5772304 diff --git a/git.changes b/git.changes index 98fe5ae..1c721ca 100644 --- a/git.changes +++ b/git.changes @@ -1,3 +1,33 @@ +------------------------------------------------------------------- +Wed Dec 11 06:37:34 UTC 2019 - Andreas Stieger + +- git 2.24.1: + * CVE-2019-1348: The --export-marks option of fast-import is + exposed also via the in-stream command feature export-marks=... + and it allows overwriting arbitrary paths (boo#1158785) + * CVE-2019-1349: on Windows, when submodules are cloned + recursively, under certain circumstances Git could be fooled + into using the same Git directory twice (boo#1158787) + * CVE-2019-1350: Incorrect quoting of command-line arguments + allowed remote code execution during a recursive clone in + conjunction with SSH URLs (boo#1158788) + * CVE-2019-1351: on Windows mistakes drive letters outside of + the US-English alphabet as relative paths (boo#1158789) + * CVE-2019-1352: on Windows was unaware of NTFS Alternate Data + Streams (boo#1158790) + * CVE-2019-1353: when run in the Windows Subsystem for Linux + while accessing a working directory on a regular Windows + drive, none of the NTFS protections were active (boo#1158791) + * CVE-2019-1354: on Windows refuses to write tracked files with + filenames that contain backslashes (boo#1158792) + * CVE-2019-1387: Recursive clones vulnerability that is caused + by too-lax validation of submodule names, allowing very + targeted attacks via remote code execution in recursive + clones (boo#1158793) + * CVE-2019-19604: a recursive clone followed by a submodule + update could execute code contained within the repository + without the user explicitly having asked for that (boo#1158795) + ------------------------------------------------------------------- Fri Nov 29 14:57:55 UTC 2019 - Stefan BrĂ¼ns diff --git a/git.spec b/git.spec index 2b3d995..16e9233 100644 --- a/git.spec +++ b/git.spec @@ -32,7 +32,7 @@ %endif Name: git -Version: 2.24.0 +Version: 2.24.1 Release: 0 Summary: Fast, scalable, distributed revision control system License: GPL-2.0-only