[Gitoxide October] The first security issue and usable `gix status` (CLI) (github.com)
from snaggen@programming.dev to rust@programming.dev on 25 Nov 2023 13:37
https://programming.dev/post/6370267

#rust

threaded - newest

stsp on 25 Nov 2023 21:14 collapse

Nice to see progress on this! Having independent git-compatible implementations is good.

By the way, the "ssh --" issue has prior art:

CVE-2017-9800 (Subversion)
CVE-2017-12426 (GitLab)
CVE-2017-1000116 (Mercurial (hg))
CVE-2017-1000117 (Git)

https://subversion.apache.org/security/CVE-2017-9800-advisory.txt

https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1466490.html

https://wiki.mercurial-scm.org/WhatsNew/Archive#Mercurial_4.3_.2F_4.3.1_.282017-08-10.29