Upstream security fixes related to .gitmodules handling. From the upstream announcement:
* Submodule "names" come from the untrusted .gitmodules file, but we
blindly append them to $GIT_DIR/modules to create our on-disk repo
paths. This means you can do bad things by putting "../" into the
name. We now enforce some rules for submodule names which will cause
Git to ignore these malicious names (CVE-2018-11235).
Credit for finding this vulnerability and the proof of concept from
which the test script was adapted goes to Etienne Stalmans.
* It was possible to trick the code that sanity-checks paths on NTFS
into reading random piece of memory (CVE-2018-11233).
A preliminary patch to resolve an issue with zlib on aarch64 is also included (#1582555).
Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:
sudo dnf upgrade --refresh --advisory=FEDORA-2018-75f7624a9f
Please login to add feedback.
This update has been submitted for testing by tmz.
tmz edited this update.
tmz edited this update.
tmz edited this update.
works
Hi,
I try to install from koji build, but transaction failed : Last metadata expiration check: 0:56:09 ago on Wed 30 May 2018 03:01:12 PM CEST. Error: Problem: problem with installed package git-core-doc-2.17.0-3.fc28.noarch - package git-core-doc-2.17.0-3.fc28.noarch requires git-core = 2.17.0-3.fc28, but none of the providers can be installed - package git-core-doc-2.17.0-1.fc28.noarch requires git-core = 2.17.0-1.fc28, but none of the providers can be installed - cannot install both git-core-2.17.1-2.fc28.x86_64 and git-core-2.17.0-3.fc28.x86_64 - cannot install both git-core-2.17.1-2.fc28.x86_64 and git-core-2.17.0-1.fc28.x86_64 - conflicting requests (try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages)
infact, git-core-doc not upgrade in fix security update.
Edit:
Sorry infact i don't show that git-core-doc is noarch package, i forgot to download them.
With git-core-doc and perl-Git work great.
Thanks to work.
This update has been pushed to testing.
Works for me
This update has been submitted for batched by tmz.
This update has been submitted for stable by tmz.
works for me
works for me too
This update has been pushed to stable.