| commit | 86cb6a3f059968d031fdf6ed49ab38a7ae00847f | |
| author | Johannes Schindelin <johannes.schindelin@gmx.de> | |
| Sat, 30 Mar 2024 23:22:41 +0000 (31 00:22 +0100) | ||
| committer | Johannes Schindelin <johannes.schindelin@gmx.de> | |
| Wed, 17 Apr 2024 20:30:24 +0000 (17 22:30 +0200) | ||
| tree | 9dec3da0e9dbd56955d0a65f07016779986c88a3 | treesnapshot (tar.gz zip) |
| parent | 9e06401098f5f83fc9a69ab27e449ae746638892 | commitdiff |
| parent | e8d0608944486019ea0e1ed2ed29776811a565c2 | commitdiff |
Merge branch 'icasefs-symlink-confusion'
This topic branch fixes two vulnerabilities:
- Recursive clones on case-insensitive filesystems that support symbolic
links are susceptible to case confusion that can be exploited to
execute just-cloned code during the clone operation.
- Repositories can be configured to execute arbitrary code during local
clones. To address this, the ownership checks introduced in v2.30.3
are now extended to cover cloning local repositories.
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
This topic branch fixes two vulnerabilities:
- Recursive clones on case-insensitive filesystems that support symbolic
links are susceptible to case confusion that can be exploited to
execute just-cloned code during the clone operation.
- Repositories can be configured to execute arbitrary code during local
clones. To address this, the ownership checks introduced in v2.30.3
are now extended to cover cloning local repositories.
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>