Post: [Gitoxide October] The first security issue and usable `gix status` (CLI)

Link: https://azorius.net/c/4DhtRB1WbJvCLJwS5M

stsp on 25 Nov 2023 21:14 collapse

Nice to see progress on this! Having independent git-compatible implementations is good.

By the way, the "ssh --" issue has prior art:

CVE-2017-9800 (Subversion)
CVE-2017-12426 (GitLab)
CVE-2017-1000116 (Mercurial (hg))
CVE-2017-1000117 (Git)

https://subversion.apache.org/security/CVE-2017-9800-advisory.txt

https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1466490.html

https://wiki.mercurial-scm.org/WhatsNew/Archive#Mercurial_4.3_.2F_4.3.1_.282017-08-10.29