mirror of
git://slackware.nl/current.git
synced 2025-01-03 23:03:22 +01:00
9b5b70af5b
patches/packages/curl-7.88.0-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
HTTP multi-header compression denial of service.
HSTS amnesia with --parallel.
HSTS ignored on multiple requests.
For more information, see:
https://curl.se/docs/CVE-2023-23916.html
https://curl.se/docs/CVE-2023-23915.html
https://curl.se/docs/CVE-2023-23914.html
https://www.cve.org/CVERecord?id=CVE-2023-23916
https://www.cve.org/CVERecord?id=CVE-2023-23915
https://www.cve.org/CVERecord?id=CVE-2023-23914
(* Security fix *)
patches/packages/git-2.35.7-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
Using a specially-crafted repository, Git can be tricked into using
its local clone optimization even when using a non-local transport.
Though Git will abort local clones whose source $GIT_DIR/objects
directory contains symbolic links (c.f., CVE-2022-39253), the objects
directory itself may still be a symbolic link.
These two may be combined to include arbitrary files based on known
paths on the victim's filesystem within the malicious repository's
working copy, allowing for data exfiltration in a similar manner as
CVE-2022-39253.
By feeding a crafted input to "git apply", a path outside the
working tree can be overwritten as the user who is running "git
apply".
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-22490
https://www.cve.org/CVERecord?id=CVE-2023-23946
(* Security fix *)
11 lines
397 B
Text
11 lines
397 B
Text
git: git (the stupid content tracker)
|
|
git:
|
|
git: Git is a fast, scalable, distributed revision control system with an
|
|
git: unusually rich command set that provides both high-level operations
|
|
git: and full access to internals.
|
|
git:
|
|
git: "git" can mean anything, depending on your mood.
|
|
git:
|
|
git: Git was originally written by Linus Torvalds and is currently
|
|
git: maintained by Junio C. Hamano.
|
|
git:
|