From: Johannes Sixt <j6t@kdbg.org>
Date: Tue, 20 May 2025 06:56:09 +0000 (+0200)
Subject: Merge branch 'js/fix-open-exec'
X-Git-Tag: v2.43.7~4^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=311d9ada3a7c2c49669d656a0359cc3a9ccfeeef;p=thirdparty%2Fgit.git

Merge branch 'js/fix-open-exec'

This addresses CVE-2025-46835, Git GUI can create and overwrite a
user's files:

When a user clones an untrusted repository and is tricked into editing
a file located in a maliciously named directory in the repository, then
Git GUI can create and overwrite files for which the user has write
permission.

Signed-off-by: Johannes Sixt <j6t@kdbg.org>
---

311d9ada3a7c2c49669d656a0359cc3a9ccfeeef