diff --git a/CHANGES.md b/CHANGES.md index 6ec51a0e1..c9b6cba42 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -10,6 +10,28 @@ - Windows (x86/amd64): - Linux/Mac OS X: +## v0.25.1 - ([diff](https://github.com/libgit2/libgit2sharp/compare/v0.25..v0.25.1)) + +This is a security release fixing insufficient validation of submodule +names (CVE-2018-11235, reported by Etienne Stalmans) and disallows +`.gitmodules` files as symlinks. This includes [libgit2 +v0.27.1](https://github.com/libgit2/libgit2/releases/tag/v0.27.1), +whose release notes follow. + +While submodule names come from the untrusted `.gitmodules` file, we +blindly append the name to `$GIT_DIR/modules` to construct the final +path of the submodule repository. In case the name contains e.g. `../`, +an adversary would be able to escape your repository and write data at +arbitrary paths. In accordance with git, we now enforce some rules for +submodule names which will cause libgit2 to ignore these malicious names. + +Adding a symlink as .gitmodules into the index from the workdir or +checking out such files is not allowed as this can make a Git +implementation write outside of the repository and bypass the fsck +checks for CVE-2018-11235. + +libgit2 (and LibGit2Sharp) is not susceptible to CVE-2018-11233. + ## v0.25 - ([diff](https://github.com/libgit2/libgit2sharp/compare/v0.24..v0.25)) LibGit2Sharp is now .NET Core 2.0+ and .NET Framework compatible. diff --git a/LibGit2Sharp/LibGit2Sharp.csproj b/LibGit2Sharp/LibGit2Sharp.csproj index fc15f0e2f..6e966a5c9 100644 --- a/LibGit2Sharp/LibGit2Sharp.csproj +++ b/LibGit2Sharp/LibGit2Sharp.csproj @@ -32,7 +32,7 @@ - +