(Jun 1) It was discovered that Zookeeper, a service for maintaining configuration information, enforced no authentication/authorisation when a server attempts to join a Zookeeper quorum.
Comment
(Jun 1) Upstream security fixes related to .gitmodules handling. From the [upstream announcement](https://public-inbox.org/git/xmqqy3g2flb6.fsf@gitster- ct.c.googlers.com/): “` * Submodule “names” come from the untrusted .gitmodules file, but we blindly append them to $GIT_DIR/modules to create our on-disk repo paths. This means you can do bad things by putting “../” into the
(Jun 4) CVE-2016-9396
(Jun 2) Security fix for CVE-2016-5003, CVE-2016-5002
(Jun 2) Security fix for CVE-2017-18267.