]> git.ipfire.org Git - thirdparty/git.git/commitdiff
projects / thirdparty / git.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | combined (merge: 2c9a4c7 fade728)
Merge branch 'ps/apply-beyond-symlink' into maint-2.30
authorJunio C Hamano <gitster@pobox.com>
Fri, 3 Feb 2023 22:57:27 +0000 (14:57 -0800)
committerJohannes Schindelin <johannes.schindelin@gmx.de>
Mon, 6 Feb 2023 08:12:16 +0000 (09:12 +0100)
Fix a vulnerability (CVE-2023-23946) that allows crafted input to trick
`git apply` into writing files outside of the working tree.

* ps/apply-beyond-symlink:
  dir-iterator: prevent top-level symlinks without FOLLOW_SYMLINKS

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>

Trivial merge
Unnamed repository; edit this file 'description' to name the repository.