-
Mon Jan 30 2023 Ondřej Pohořelský <opohorel@redhat.com> - 2.27.0-4
- Fixes CVE-2022-23521 and CVE-2022-41903
- Tests: try harder to find open ports for apache, git, and svn
- Resolves: #2162071
-
Thu Sep 24 2020 Vít Ondruch <vondruch@redhat.com> - 2.27.0-3
- Drop Emacs bits to prevent conflicts with system version of Git.
Resolves: rhbz#1873019
-
Thu Aug 06 2020 Ondrej Pohorelsky <opohorel@redhat.com> - 2.27.0-2
- Fix git-gui.desktop file
- Resolves: rhbz#1862094
-
Fri Jul 24 2020 Ondrej Pohorelsky <opohorel@redhat.com> - 2.27.0-1
- Update to release 2.27.0
- Resolves: rhbz#1853404
-
Wed Apr 22 2020 Ondrej Pohorelsky <opohorel@redhat.com> - 2.18.4-1
- Update to release 2.18.4
- Resolves: CVE-2020-11008
-
Thu Apr 09 2020 Ondrej Pohorelsky <opohorel@redhat.com> - 2.18.2-3
- Crafted URL containing new lines can cause credential leak
- Resolves: CVE-2020-5260
-
Tue Dec 17 2019 Ondrej Pohorelsky <opohorel@redhat.com> - 2.18.2-1
- Update to release 2.18.2
- Remote code execution in recursive clones with nested submodules
Resolves: CVE-2019-1387
- Arbitrary path overwriting via export-marks in-stream command
Resolves: CVE-2019-1348
- Recursive submodule cloning allows using git directory twice with synonymous
directory name written in .git/
Resolves: CVE-2019-1349
- Fixes CVE-2019-1350, CVE-2019-1351, CVE-2019-1352, CVE-2019-1353, CVE-2019-1354
-
Thu Nov 29 2018 Pavel Cahyna <pcahyna@redhat.com> - 2.18.1-3
- apply upstream run-command PATH fix (CVE-2018-19486)
-
Wed Oct 24 2018 Pavel Cahyna <pcahyna@redhat.com> - 2.18.1-2
- config: document value 2 for protocol.version (upstream patch)
- Fix builds without docs and without cvs and/or p4 (from skisela)
- Fix smart-http test due to changes in cookie sort order in curl-7.61.1
(see #1625677)
-
Wed Oct 10 2018 Pavel Cahyna <pcahyna@redhat.com> - 2.18.1-1
- Update to release 2.18.1, fixes CVE-2018-17456: arbitrary code execution via .gitmodules