[3.7] myrepos: missing URL sanitization (CVE-2018-7032)
webcheckout in myrepos through 1.20171231 does not sanitize URLs that
are passed to git clone, allowing a malicious website operator or a
attacker to take advantage of it for arbitrary code execution, as demonstrated by an “ext::sh -c” attack or an option injection attack.
(from redmine: issue id 9201, created on 2018-08-07, closed on 2018-08-23)
- Revision b8aa48b6 by Natanael Copa on 2018-08-22T09:50:24Z:
main/myrepos: security upgrade to 1.20180726 (CVE-2018-7032) fixes #9201