]> git.ipfire.org Git - thirdparty/git.git/commit
projects / thirdparty / git.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(merge: a7d1716 a437f5b)
Merge branch 'js/fix-open-exec'
authorJohannes Sixt <j6t@kdbg.org>
Tue, 20 May 2025 06:56:09 +0000 (08:56 +0200)
committerTaylor Blau <me@ttaylorr.com>
Fri, 23 May 2025 21:04:31 +0000 (17:04 -0400)
commit311d9ada3a7c2c49669d656a0359cc3a9ccfeeef
tree2a415d4e14344093eda9d6e2a0daa026ae564989tree | snapshot
parenta7d1716fa648f6557ea9c91e0f04bae2e8738e6acommit | diff
parenta437f5bc93330a70b42a230e52f3bd036ca1b1dacommit | diff
Merge branch 'js/fix-open-exec'

This addresses CVE-2025-46835, Git GUI can create and overwrite a
user's files:

When a user clones an untrusted repository and is tricked into editing
a file located in a maliciously named directory in the repository, then
Git GUI can create and overwrite files for which the user has write
permission.

Signed-off-by: Johannes Sixt <j6t@kdbg.org>
20 files changed:
git-gui/git-gui.sh diff1 | diff2 | blob | history
git-gui/lib/blame.tcl diff1 | diff2 | blob | history
git-gui/lib/branch.tcl diff1 | diff2 | blob | history
git-gui/lib/browser.tcl diff1 | diff2 | blob | history
git-gui/lib/checkout_op.tcl diff1 | diff2 | blob | history
git-gui/lib/choose_repository.tcl diff1 | diff2 | blob | history
git-gui/lib/choose_rev.tcl diff1 | diff2 | blob | history
git-gui/lib/commit.tcl diff1 | diff2 | blob | history
git-gui/lib/console.tcl diff1 | diff2 | blob | history
git-gui/lib/database.tcl diff1 | diff2 | blob | history
git-gui/lib/diff.tcl diff1 | diff2 | blob | history
git-gui/lib/index.tcl diff1 | diff2 | blob | history
git-gui/lib/merge.tcl diff1 | diff2 | blob | history
git-gui/lib/mergetool.tcl diff1 | diff2 | blob | history
git-gui/lib/remote.tcl diff1 | diff2 | blob | history
git-gui/lib/remote_branch_delete.tcl diff1 | diff2 | blob | history
git-gui/lib/shortcut.tcl diff1 | diff2 | blob | history
git-gui/lib/sshkey.tcl diff1 | diff2 | blob | history
git-gui/lib/tools.tcl diff1 | diff2 | blob | history
git-gui/lib/win32.tcl diff1 | diff2 | blob | history
Unnamed repository; edit this file 'description' to name the repository.