[3.3] git: arbitrary code execution issues via URLs (CVE-2015-7545)
A flaw was found in the way the git-remote-ext helper processed certain
If a user had Git configured to automatically clone submodules from untrusted repositories,
an attacker could inject commands into the URL of a submodule, allowing them to execute arbitrary
code on the user’s system.
Fixed in 2.6.1, 2.5.4, 2.4.10, 2.3.10
(from redmine: issue id 5003, created on 2016-01-08, closed on 2017-09-05)
- parent #5002 (closed)