aboutsummaryrefslogtreecommitdiff
path: root/doc/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed.mdwn
Commit message (Collapse)AuthorAge
* Add CVE references for CVE-2016-10026Simon McVittie2016-12-21
|
* Replied.intrigeri2016-12-20
|
* Tell `git revert` not to follow renamesSimon McVittie2016-12-19
| | | | | | | | | | | | Otherwise, we have an authorization bypass vulnerability: rcs_preprevert looks at what changed in the commit we are reverting, not at what would result from reverting it now. In particular, if some files were renamed since the commit we are reverting, a revert of changes that were within the designated subdirectory and allowed by check_canchange() might now affect files that are outside the designated subdirectory or disallowed by check_canchange(). Signed-off-by: Simon McVittie <smcv@debian.org>
* (no commit message)smcv2016-12-19
|
* Report authorization bypass via RCS revert.intrigeri2016-12-17
generated by cgit v1.2.3 (git 2.25.4) at 2024-05-16 01:31:03 +0000