Updated git packages fix security vulnerabilitiesPublication date: 03 Jun 2018
Affected Mageia releases : 6
CVE: CVE-2018-11233 , CVE-2018-11235
It was possible to trick the code that sanity-checks paths on NTFS into reading random piece of memory (CVE-2018-11233). Submodule "names" come from the untrusted .gitmodules file, but we blindly append them to $GIT_DIR/modules to create our on-disk repo paths. This means you can do bad things by putting "../" into the name. We now enforce some rules for submodule names which will cause Git to ignore these malicious names (CVE-2018-11235).