| commit | a3033a68ac3886d44ee378784ae242f25afc9970 | |
| author | Junio C Hamano <gitster@pobox.com> | |
| Fri, 3 Feb 2023 22:57:27 +0000 (3 14:57 -0800) | ||
| committer | Johannes Schindelin <johannes.schindelin@gmx.de> | |
| Mon, 6 Feb 2023 08:12:16 +0000 (6 09:12 +0100) | ||
| tree | 72737d582c2371a1b440bb630502398005eddb40 | treesnapshot (tar.gz zip) |
| parent | 2c9a4c731010685b86559c06637aeef2ac5ea06e | commitdiff |
| parent | fade728df1221598f42d391cf377e9e84a32053f | commitdiff |
Merge branch 'ps/apply-beyond-symlink' into maint-2.30
Fix a vulnerability (CVE-2023-23946) that allows crafted input to trick
`git apply` into writing files outside of the working tree.
* ps/apply-beyond-symlink:
dir-iterator: prevent top-level symlinks without FOLLOW_SYMLINKS
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Fix a vulnerability (CVE-2023-23946) that allows crafted input to trick
`git apply` into writing files outside of the working tree.
* ps/apply-beyond-symlink:
dir-iterator: prevent top-level symlinks without FOLLOW_SYMLINKS
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>