Upstream security fixes related to .gitmodules handling. From the upstream announcement:
* Submodule "names" come from the untrusted .gitmodules file, but we
blindly append them to $GIT_DIR/modules to create our on-disk repo
paths. This means you can do bad things by putting "../" into the
name. We now enforce some rules for submodule names which will cause
Git to ignore these malicious names (CVE-2018-11235).
Credit for finding this vulnerability and the proof of concept from
which the test script was adapted goes to Etienne Stalmans.
* It was possible to trick the code that sanity-checks paths on NTFS
into reading random piece of memory (CVE-2018-11233).
Also fix a segfault in rev-parse with invalid input (#1581678) and install contrib/diff-highlight (#1550251).
Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:
sudo dnf upgrade --refresh --advisory=FEDORA-2018-080a3d7866
Please login to add feedback.
This update has been submitted for testing by tmz.
This update has been pushed to testing.
tmz edited this update.
New build(s):
Removed build(s):
Karma has been reset.
This update has been submitted for testing by tmz.
tmz edited this update.
tmz edited this update.
tmz edited this update.
This update has been pushed to testing.
Works fine, fixes critical security issue
This update has been submitted for batched by tmz.
This update has been submitted for stable by tmz.
works for me in a VM
This update has been pushed to stable.