-
Mon Jun 18 2018 Pavel Cahyna <pcahyna@redhat.com> - 1.8.3.1-14
- Backport fix for CVE-2018-1123
- Thanks to Jonathan Nieder <jrnieder@gmail.com> for backporting to 2.1.x
and to Steve Beattie <sbeattie@ubuntu.com> for backporting to 1.9.1
-
Wed Sep 13 2017 Petr Stodulka <pstodulk@redhat.com> - 1.8.3.1-13
- fall back to Basic auth if Negotiate fails
Resolves: #1490998
- handle request-pull when multiple tags point to the same commit
Resolves: #1192146
-
Fri Aug 11 2017 Petr Stodulka <pstodulk@redhat.com> - 1.8.3.1-12
- prevent command injection via malicious ssh URLs
Resolves: CVE-2017-1000117
-
Wed May 17 2017 Petr Stodulka <pstodulk@redhat.com> - 1.8.3.1-11
- dissalow repo names beginning with dash
Resolves: CVE-2017-8386
-
Wed Mar 29 2017 Petr Stodulka <pstodulk@redhat.com> -1.8.3.1-10
- do not put unsanitized branch names in $PS1
Resolves: CVE-2014-9938
-
Fri Feb 24 2017 Petr Stodulka <pstodulk@redhat.com> -1.8.3.1-9
- add control of GSSAPI credential delegation to enable HTTP(S)-SSO
authentication
Resolves: #1369173
-
Sat Mar 19 2016 Petr Stodulka <pstodulk@redhat.com> - 1.8.3.1-8
- remove needles check of xmalloc from previous patch
Resolves: #1318255
-
Fri Mar 18 2016 Petr Stodulka <pstodulk@redhat.com> - 1.8.3.1-7
- fix heap overflow CVE-2016-2315 CVE-2016-2324
Resolves: #1318255
-
Wed Oct 28 2015 Petr Stodulka <pstodulk@redhat.com> - 1.8.3.1-6
- fix arbitrary code execution via crafted URLs
Resolves: #1274737
-
Fri Jun 19 2015 Petr Stodulka <pstodulk@redhat.com> - 1.8.3.1-5
- Rename the git.service into git@.service
Resolves #1135071