From: Johannes Sixt <j6t@kdbg.org>
Date: Tue, 8 Jul 2025 18:46:24 +0000 (+0200)
Subject: Merge branch 'ah/fix-open-with-stdin'
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0c8be6f09043e152493e369be8469d645098469f;p=thirdparty%2Fgit.git

Merge branch 'ah/fix-open-with-stdin'

This addresses CVE-2025-27614, Arbitrary command execution with Gitk:

A Git repository can be crafted in such a way that with some social
engineering a user who has cloned the repository can be tricked into
running any script (e.g., Bourne shell, Perl, Python, ...) supplied by
the attacker by invoking `gitk filename`, where `filename` has a
particular structure. The script is run with the privileges of the user.

* ah/fix-open-with-stdin:
  gitk: encode arguments correctly with "open"

Signed-off-by: Johannes Sixt <j6t@kdbg.org>
---

0c8be6f09043e152493e369be8469d645098469f