On 8/12/17, Richard Hipp wrote:
>
> I went a slightly different route...
Having thought about this more, I'm thinking now that I might go back
to Andy's approach
--
D. Richard Hipp
d...@sqlite.org
___
fossil-dev mailing list
On 8/12/17, Andy Bradford wrote:
> I think a bigger problem that Fossil has is partially addressed here:
>
> http://www.fossil-scm.org/index.html/info/ce7baa9798de21aa
>
> which is similar to the attack vector that you just fixed, though
> perhaps worse because it
There were coordinated releases today of Git, Hg, and SVN to patch a
vulnerability associated with the use of "ssh://" in those systems.
If the hostname or some other property of the URL could be manipulated
to begin with a "-" character, then the constructed "ssh" command
would understand the