snaggen@programming.dev to Rust@programming.dev · 1 year ago[Gitoxide October] The first security issue and usable gix status (CLI)github.comexternal-linkmessage-square1fedilinkarrow-up120arrow-down10cross-posted to: rust@lemmit.online
arrow-up120arrow-down1external-link[Gitoxide October] The first security issue and usable gix status (CLI)github.comsnaggen@programming.dev to Rust@programming.dev · 1 year agomessage-square1fedilinkcross-posted to: rust@lemmit.online
minus-squarestsp@azorius.netlinkfedilinkarrow-up4·1 year agoNice to see progress on this! Having independent git-compatible implementations is good. By the way, the “ssh --” issue has prior art: CVE-2017-9800 (Subversion) CVE-2017-12426 (GitLab) CVE-2017-1000116 (Mercurial (hg)) CVE-2017-1000117 (Git) https://subversion.apache.org/security/CVE-2017-9800-advisory.txt https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1466490.html https://wiki.mercurial-scm.org/WhatsNew/Archive#Mercurial_4.3_.2F_4.3.1_.282017-08-10.29
Nice to see progress on this! Having independent git-compatible implementations is good.
By the way, the “ssh --” issue has prior art:
CVE-2017-9800 (Subversion)
CVE-2017-12426 (GitLab)
CVE-2017-1000116 (Mercurial (hg))
CVE-2017-1000117 (Git)
https://subversion.apache.org/security/CVE-2017-9800-advisory.txt
https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1466490.html
https://wiki.mercurial-scm.org/WhatsNew/Archive#Mercurial_4.3_.2F_4.3.1_.282017-08-10.29