got a CVE number

2018-06-18 17:56:18 -04:00 · 2018-06-18 17:56:18 -04:00 · c81b879d39
commit c81b879d39
parent e00b3ab3d5
3 changed files with 7 additions and 4 deletions
--- a/1
+++ b/1
@ -1,5 +1,6 @@
 git-annex (6.20180622) UNRELEASED; urgency=high

+  * Security fix release for CVE-2018-10857.
  * Added annex.security.allowed-url-schemes setting, which defaults
    to only allowing http, https, and ftp URLs. Note especially that file:/
    is no longer enabled by default. This is a security fix.
--- a/doc/bugs/security_hole_private_data_exposure_via_addurl.mdwn
+++ b/doc/bugs/security_hole_private_data_exposure_via_addurl.mdwn
@ -1,3 +1,5 @@
+CVE-2018-10857
+
 This is a security hole that allows exposure of
 private data in files located outside the git-annex repository.

--- a/doc/security/private_data_exposure.mdwn
+++ b/doc/security/private_data_exposure.mdwn
@ -1,7 +1,7 @@
-Some uses of git-annex were vulnerable to a private data exposure and
-exfiltration attack. It could expose the content of files located
-outside the git-annex repository, or content from a private 
-web server on localhost or the LAN.
+CVE-2018-10857: Some uses of git-annex were vulnerable to a private data
+exposure and exfiltration attack. It could expose the content of files
+located outside the git-annex repository, or content from a private web
+server on localhost or the LAN.

 This was fixed in git-annex 6.20180622.