git: 3fb1ffb2b269 - main - security/vuln: Fix file
Date: Mon, 23 Jan 2023 12:47:06 UTC
The branch main has been updated by fernape: URL: https://cgit.FreeBSD.org/ports/commit/?id=3fb1ffb2b26959f4ea21ead0441fe18602cdbfeb commit 3fb1ffb2b26959f4ea21ead0441fe18602cdbfeb Author: Fernando Apesteguía <fernape@FreeBSD.org> AuthorDate: 2023-01-23 12:42:21 +0000 Commit: Fernando Apesteguía <fernape@FreeBSD.org> CommitDate: 2023-01-23 12:42:21 +0000 security/vuln: Fix file It didn't pass `make validate`. --- security/vuxml/vuln/2023.xml | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml index d43c2aa94ef3..b792812464d5 100644 --- a/security/vuxml/vuln/2023.xml +++ b/security/vuxml/vuln/2023.xml 
@@ -11,23 +11,23 @@ <p>Peter Ammon reports:</p> <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2022-20001"> <p> - fish is a command line shell. fish version 3.1.0 through - version 3.3.1 is vulnerable to arbitrary code execution. - git repositories can contain per-repository - configuration that change the behavior of git, including - running arbitrary commands. When using the default - configuration of fish, changing to a directory - automatically runs git commands in order to display - information about the current repository in the prompt. - If an attacker can convince a user to change their - current directory into one controlled by the attacker, - such as on a shared file system or extracted archive, - fish will run arbitrary commands under the attacker's - control. This problem has been fixed in fish 3.4.0. Note - that running git in these directories, including using - the git tab completion, remains a potential trigger for - this issue. As a workaround, remove the - fish_git_prompt function from the prompt. + fish is a command line shell. fish version 3.1.0 through + version 3.3.1 is vulnerable to arbitrary code execution. + git repositories can contain per-repository + configuration that change the behavior of git, including + running arbitrary commands. When using the default + configuration of fish, changing to a directory + automatically runs git commands in order to display + information about the current repository in the prompt. + If an attacker can convince a user to change their + current directory into one controlled by the attacker, + such as on a shared file system or extracted archive, + fish will run arbitrary commands under the attacker's + control. This problem has been fixed in fish 3.4.0. Note + that running git in these directories, including using + the git tab completion, remains a potential trigger for + this issue. As a workaround, remove the + fish_git_prompt function from the prompt. </p> </blockquote> </body>
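Review bot: The 17 removed and 17 added lines inside the `<blockquote>` paragraph of this hunk carry the same words, so the change appears to be whitespace-only, yet the commit message says only that the file "didn't pass `make validate`". Please state what the validator rejected (for example, the indentation of the quoted CVE-2022-20001 description) so the history explains why the whole paragraph was rewritten. The subject prefix `security/vuln` also does not match the touched path `security/vuxml/vuln/2023.xml`; `security/vuxml` would be the matching prefix, and "Fix file" could name the entry being fixed.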