2 matches found
CLSA-2023-1683815086 Fix CVE(s): CVE-2023-25652, CVE-2023-29007
SECURITY UPDATE: By feeding specially crafted input to git apply --reject, a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunks from the given patch - debian/patches/CVE-2023-25652.patch: removing a link instead of writing into ...
git: arbitrary code execution via crafted URLs
A flaw was found in the way the git-remote-ext helper processed certain URLs. If a user had Git configured to automatically clone submodules from untrusted repositories, an attacker could inject commands into the URL of a submodule, allowing them to execute arbitrary code on the user's system...