Re: [fossil-dev] The "ssh://" vulnerability

2017-08-12 Thread Richard Hipp
On 8/12/17, Richard Hipp wrote:
>
> I went a slightly different route...

Having thought about this more, I'm thinking now that I might go back to Andy's approach

--
D. Richard Hipp
d...@sqlite.org

Re: [fossil-dev] The "ssh://" vulnerability

2017-08-12 Thread Richard Hipp
On 8/12/17, Andy Bradford wrote:
> I think a bigger problem that Fossil has is partially addressed here:
>
> http://www.fossil-scm.org/index.html/info/ce7baa9798de21aa
>
> which is similar to the attack vector that you just fixed, though
> perhaps worse because it

[fossil-dev] The "ssh://" vulnerability

2017-08-11 Thread Richard Hipp
There were coordinated releases today of Git, Hg, and SVN to patch a vulnerability associated with the use of "ssh://" in those systems. If the hostname or some other property of the URL could be manipulated to begin with a "-" character, then the constructed "ssh" command would understand the