]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: abf7359) | patch
git: fix CVE-2021-40330
authorMinjae Kim <flowergom@gmail.com>
Thu, 25 Nov 2021 10:49:12 +0000 (19:49 +0900)
committerSteve Sakoman <steve@sakoman.com>
Sat, 27 Nov 2021 16:47:47 +0000 (06:47 -1000)
commitea0d7ef4a8c9bba94bd603ebd19e502faa86293b
tree25f89317132d17357cad23eb8f988229c54d3387tree | snapshot
parentabf73599c5706a8553a4b1f3553313059c4d9c69commit | diff
git: fix CVE-2021-40330

git_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline character,
which may result in unexpected cross-protocol requests,
as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring.

Upstream-Status: Backport [https://github.com/git/git/commit/a02ea577174ab8ed18f847cf1693f213e0b9c473]
CVE: CVE-2021-40330
Signed-off-by: Minjae Kim <flowergom@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-devtools/git/files/CVE-2021-40330.patch [new file with mode: 0644] blob
meta/recipes-devtools/git/git.inc diff | blob | history
Mirror of the official openembedded-core repository