]> git.ipfire.org Git - thirdparty/git.git/commitdiff
projects / thirdparty / git.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | combined (merge: 664d4fa 8e3070a)
Merge branch 'ah/fix-open-with-stdin'
authorJohannes Sixt <j6t@kdbg.org>
Wed, 14 May 2025 16:27:05 +0000 (18:27 +0200)
committerTaylor Blau <me@ttaylorr.com>
Fri, 23 May 2025 21:04:30 +0000 (17:04 -0400)
This addresses CVE-2025-27614, Arbitrary command execution with Gitk:

A Git repository can be crafted in such a way that with some social
engineering a user who has cloned the repository can be tricked into
running any script (e.g., Bourne shell, Perl, Python, ...) supplied by
the attacker by invoking `gitk filename`, where `filename` has a
particular structure. The script is run with the privileges of the user.

Signed-off-by: Johannes Sixt <j6t@kdbg.org>
1  2 
gitk-git/gitk patch | diff1 | diff2 | blob | history

diff --cc gitk-git/gitk
Simple merge
Unnamed repository; edit this file 'description' to name the repository.