CVE-2017-8386.patch
CVE-2017-1000117.patch
shell-drop-git-cvsserver-support-by-default.diff
cvsserver-use-safe_pipe_capture.diff
cvsimport-shell-quote-variable-used-in-backticks.diff
archimport-use-safe_pipe_capture-for-user-input.diff
0001-submodule-config-verify-submodule-names-as-paths.patch
0002-is_ntfs_dotgit-use-a-size_t-for-traversing-string.patch
0003-is_hfs_dotgit-match-other-.git-files.patch
0004-is_ntfs_dotgit-match-other-.git-files.patch
0005-is_-hfs-ntfs-_dotgitmodules-add-tests.patch
0006-skip_prefix-add-case-insensitive-variant.patch
0007-verify_path-drop-clever-fallthrough.patch
0008-verify_dotfile-mention-case-insensitivity-in-comment.patch
0009-update-index-stat-updated-files-earlier.patch
0010-verify_path-disallow-symlinks-in-.gitmodules.patch
0011-sha1_file-add-read_loose_object-function.patch
0012-fsck-parse-loose-object-paths-directly.patch
0013-index-pack-make-fsck-error-message-more-specific.patch
0014-fsck-simplify-.git-check.patch
0015-fsck-actually-fsck-blob-data.patch
0016-fsck-detect-gitmodules-files.patch
0017-fsck-check-.gitmodules-content.patch
0018-fsck-call-fsck_finish-after-fscking-objects.patch
0019-unpack-objects-call-fsck_finish-after-fscking-object.patch
0020-index-pack-check-.gitmodules-files-with-strict.patch
0021-fsck-complain-when-.gitmodules-is-a-symlink.patch
0001-submodule-helper-use-to-signal-end-of-clone-options.patch
0002-submodule-config-ban-submodule-urls-that-start-with-.patch
0003-submodule-config-ban-submodule-paths-that-start-with.patch
0004-fsck-detect-submodule-urls-starting-with-dash.patch
0005-fsck-detect-submodule-paths-starting-with-dash.patch
0006-cvsimport-apply-shell-quoting-regex-globally.patch
CVE-2017-15298.patch
CVE-2019-13xx/0001-t9300-drop-some-useless-uses-of-cat.patch
CVE-2019-13xx/0002-t9300-create-marks-files-for-double-import-marks-tes.patch
CVE-2019-13xx/0003-fast-import-tighten-parsing-of-boolean-command-line-.patch
CVE-2019-13xx/0004-fast-import-stop-creating-leading-directories-for-im.patch
CVE-2019-13xx/0005-fast-import-delay-creating-leading-directories-for-e.patch
CVE-2019-13xx/0006-fast-import-disallow-feature-export-marks-by-default.patch
CVE-2019-13xx/0007-fast-import-disallow-feature-import-marks-by-default.patch
CVE-2019-13xx/0008-clone-recurse-submodules-prevent-name-squatting-on-W.patch
CVE-2019-13xx/0009-mingw-disallow-backslash-characters-in-tree-objects-.patch
CVE-2019-13xx/0010-path.c-document-the-purpose-of-is_ntfs_dotgit.patch
CVE-2019-13xx/0011-submodule-reject-submodule.update-command-in-.gitmod.patch
CVE-2019-13xx/0012-test-tool-path-utils-offer-to-run-a-protectNTFS-prot.patch
CVE-2019-13xx/0013-is_ntfs_dotgit-only-verify-the-leading-segment.patch
CVE-2019-13xx/0014-path-safeguard-.git-against-NTFS-Alternate-Streams-A.patch
CVE-2019-13xx/0015-is_ntfs_dotgit-speed-it-up.patch
CVE-2019-13xx/0016-path-also-guard-.gitmodules-against-NTFS-Alternate-D.patch
CVE-2019-13xx/0017-protect_ntfs-turn-on-NTFS-protection-by-default.patch
CVE-2019-13xx/0018-mingw-fix-quoting-of-arguments.patch
CVE-2019-13xx/0019-tests-add-a-helper-to-stress-test-argument-quoting.patch
CVE-2019-13xx/0020-quote-stress-test-accept-arguments-to-test-via-the-c.patch
CVE-2019-13xx/0021-t6130-t9350-prepare-for-stringent-Win32-path-validat.patch
CVE-2019-13xx/0022-quote-stress-test-allow-skipping-some-trials.patch
CVE-2019-13xx/0023-unpack-trees-let-merged_entry-pass-through-do_add_en.patch
CVE-2019-13xx/0024-Disallow-dubiously-nested-submodule-git-directories.patch
CVE-2019-13xx/0025-quote-stress-test-offer-to-test-quoting-arguments-fo.patch
CVE-2019-13xx/0027-mingw-refuse-to-access-paths-with-trailing-spaces-or.patch
CVE-2019-13xx/0026-mingw-refuse-to-access-paths-with-illegal-characters.patch
CVE-2019-13xx/0028-mingw-handle-subst-ed-DOS-drives.patch
CVE-2020-5260-1.patch
CVE-2020-5260-2.patch
CVE-2020-5260-3.patch
CVE-2020-5260-4.patch
CVE-2020-11008-1.patch
CVE-2020-11008-2.patch
CVE-2020-11008-3.patch
CVE-2020-11008-4.patch
CVE-2020-11008-5.patch
CVE-2020-11008-6.patch
CVE-2020-11008-7.patch
CVE-2020-11008-8.patch
CVE-2020-11008-9.patch
CVE-2021-21300.patch
CVE-2021-40330.patch
CVE-2022-39260-1.patch
CVE-2022-39260-2.patch
CVE-2022-39260-3.patch
CVE_2022_23521_and_41903/0003-attr-fix-overflow-when-upserting-attribute-with-over.patch
CVE_2022_23521_and_41903/0004-attr-fix-out-of-bounds-read-with-huge-attribute-name.patch
CVE_2022_23521_and_41903/0005-attr-fix-integer-overflow-when-parsing-huge-attribut.patch
CVE_2022_23521_and_41903/0006-attr-fix-out-of-bounds-write-when-parsing-huge-numbe.patch
CVE_2022_23521_and_41903/0007-attr-fix-out-of-bounds-read-with-unreasonable-amount.patch
CVE_2022_23521_and_41903/0008-attr-fix-integer-overflow-with-more-than-INT_MAX-mac.patch
CVE_2022_23521_and_41903/0009-attr-harden-allocation-against-integer-overflows.patch
CVE_2022_23521_and_41903/0010-attr-fix-silently-splitting-up-lines-longer-than-204.patch
CVE_2022_23521_and_41903/0011-attr-ignore-attribute-lines-exceeding-2048-bytes.patch
CVE_2022_23521_and_41903/0012-attr-ignore-overly-large-gitattributes-files.patch
CVE_2022_23521_and_41903/adding_missing_function.patch
CVE_2022_23521_and_41903/adding_fix_extra.patch
#CVE_2022_23521_and_41903/0013-test-lib-add-prerequisite-for-64-bit-platforms.patch
CVE_2022_23521_and_41903/0014-pretty-fix-out-of-bounds-write-caused-by-integer-ove.patch
CVE_2022_23521_and_41903/0015-pretty-fix-out-of-bounds-read-when-left-flushing-wit.patch
CVE_2022_23521_and_41903/0016-pretty-fix-out-of-bounds-read-when-parsing-invalid-p.patch
CVE_2022_23521_and_41903/0017-pretty-fix-adding-linefeed-when-placeholder-is-not-e.patch
CVE_2022_23521_and_41903/0018-pretty-fix-integer-overflow-in-wrapping-format.patch
CVE_2022_23521_and_41903/0019-utf8-fix-truncated-string-lengths-in-utf8_strnwidth.patch
CVE_2022_23521_and_41903/0020-utf8-fix-returning-negative-string-width.patch
CVE_2022_23521_and_41903/0021-utf8-fix-overflow-when-returning-string-width.patch
CVE_2022_23521_and_41903/0022-utf8-fix-checking-for-glyph-width-in-strbuf_utf8_rep.patch
CVE_2022_23521_and_41903/0023-utf8-refactor-strbuf_utf8_replace-to-not-rely-on-pre.patch
CVE_2022_23521_and_41903/0024-pretty-restrict-input-lengths-for-padding-and-wrappi.patch
CVE_2022_23521_and_41903/fix_warnings.patch
CVE_2023-22490_and_23946/0002-attr-adjust-a-mismatched-data-type.patch
CVE_2023-22490_and_23946/0003-t5619-demonstrate-clone_local-with-ambiguous-transpo.patch
CVE_2023-22490_and_23946/0004-clone-delay-picking-a-transport-until-after-get_repo.patch
CVE_2023-22490_and_23946/0006-apply-fix-writing-behind-newly-created-symbolic-link.patch
CVE-2022-39253.patch
CVE-2023-25652.patch
CVE-2023-29007-1.patch
CVE-2023-29007-2.patch
CVE-2023-29007-3.patch
CVE-2023-29007-4.patch
CVE-2023-25815.patch
CVE-2025-27613.patch
CVE-2025-46835-pre1.patch
CVE-2025-46835-pre2.patch
CVE-2025-46835.patch
CVE-2025-48384.patch
CVE-2025-48386.patch
