Date:	Mon, 05 Oct 2015 13:43:54 -0700
From:	Junio C Hamano <gitster@...ox.com>
To:	git@...r.kernel.org
Cc:	Linux Kernel <linux-kernel@...r.kernel.org>
Subject: [ANNOUNCE] Git v2.6.1, v2.5.4, v2.4.10 and v2.3.10

The latest maintenance release Git v2.6.1, together with releases
for older maintenance tracks, are now available at the usual places.

The tarballs are found at:

    https://www.kernel.org/pub/software/scm/git/

The following public repositories all have a copy of the
abovementioned tags:

  url = https://kernel.googlesource.com/pub/scm/git/git
  url = git://repo.or.cz/alt-git.git
  url = git://git.sourceforge.jp/gitroot/git-core/git.git
  url = git://git-core.git.sourceforge.net/gitroot/git-core/git-core
  url = https://github.com/gitster/git

Fixes contained in these releases are as follows:

 * xdiff code we use to generate diffs is not prepared to handle
   extremely large files.  It uses "int" in many places, which can
   overflow if we have a very large number of lines or even bytes in
   our input files, for example.  Cap the input size to somewhere
   around 1GB for now.

 * Some protocols (like git-remote-ext) can execute arbitrary code
   found in the URL.  The URLs that submodules use may come from
   arbitrary sources (e.g., .gitmodules files in a remote
   repository), and can hurt those who blindly enable recursive
   fetch.  Restrict the allowed protocols to well known and safe
   ones.

Kudos to Blake Burkhart and Jeff King for working on these fixes.

Thanks.
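Added example, not part of the original announcement and not Git's own code: a Python check for the submodule URL issue described in the second fix above. It reads a .gitmodules file and reports URLs whose transport is outside an allowlist. The allowlist, the sample file contents and the function names are assumptions made for illustration.

```python
import re

# Assumed allowlist of transports; the announcement does not list them.
ALLOWED = {"file", "git", "http", "https", "ssh"}

# Constructed sample .gitmodules; names and URLs are placeholders.
SAMPLE = '''\
[submodule "lib/ok"]
	url = https://example.com/ok.git
[submodule "lib/helper"]
	url = ext::constructed-placeholder
[submodule "lib/odd"]
	url = foo://example.com/odd.git
[submodule "lib/rel"]
	url = ../sibling.git
'''

def transport(url):
    """Approximate which transport a submodule URL string names."""
    m = re.match(r"([A-Za-z0-9][A-Za-z0-9+.-]*)(::|://)", url)
    if m:  # "<name>::<address>" and "<name>://..." both select by name
        return m.group(1)
    if url.startswith(("./", "../")):
        return "relative"  # resolved against the superproject's own remote
    if re.match(r"[^/:]+:", url):  # scp-like "[user@]host:path"
        return "ssh"
    return "file"

def audit(gitmodules_text, allowed=ALLOWED):
    """Return [(submodule, url, transport)] for URLs outside the allowlist."""
    findings, name = [], None
    for line in gitmodules_text.splitlines():
        line = line.strip()
        sec = re.match(r'\[submodule\s+"(.*)"\]$', line)
        if sec:
            name = sec.group(1)
            continue
        kv = re.match(r"url\s*=\s*(.*)$", line, re.IGNORECASE)
        if kv and name is not None:
            url = kv.group(1).strip()
            t = transport(url)
            if t != "relative" and t not in allowed:
                findings.append((name, url, t))
    return findings

if __name__ == "__main__":
    for name, url, t in audit(SAMPLE):
        print(f"{name}: transport '{t}' not in allowlist: {url}")
```

Running the check on a freshly fetched superproject before any recursive submodule update shows which entries would need review.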
