diff options
-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | NEWS | 2 |
2 files changed, 7 insertions, 0 deletions
@@ -1,3 +1,8 @@ +2011-02-03 Jim Meyering <meyering@redhat.com> + + doc: mention the fix for CVE-2010-4651 + * NEWS: Mention the fix. + 2011-02-01 Jim Meyering <meyering@redhat.com> and Andreas Gruenbacher <agruen@linbit.com> @@ -1,3 +1,5 @@ +* patch now rejects a destination file name that is absolute or that contains + a component of "..". This addresses CVE-2010-4651, * Support for most features of the "diff --git" format: renames and copies, permission changes, symlink diffs. Caveats: + Binary diffs are not supported yet; patch will complain and skip them. |