Theo Niessink has uncovered a serious security issue in Git for Windows, where cloning an evil repository can arbitrarily overwrite files outside the repository. Since many Windows users run as administrators, this can be used for very nasty purposes.

The first two patches fix "git add" so it rejects paths outside of the repository when specified in the "C:\..."-form on Windows. Patch 3/3 makes sure we don't try to actually write to these files.

This series applies cleanly to 'maint', and I strongly encourage that we apply at the very least 3/3 there.

Erik Faye-Lund (1):
  verify_path: consider dos drive prefix

Theo Niessink (2):
  A Windows path starting with a backslash is absolute
  real_path: do not assume '/' is the path seperator

 abspath.c         |    4 ++--
 cache.h           |    2 +-
 compat/mingw.h    |    9 +++++++++
 git-compat-util.h |    4 ++++
 read-cache.c      |    5 ++++-
 5 files changed, 20 insertions(+), 4 deletions(-)

-- 
1.7.5.3.3.g435ff
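The kind of check the cover letter describes, as an added example that is not the code from these patches: a repository-supplied path is refused when it carries a DOS drive prefix or starts with a backslash, and components are split on both separators. The function names are hypothetical, and rejecting ".", ".." and ".git" components is an assumption that goes beyond what the message states.

```c
#include <ctype.h>
#include <stdio.h>

/* Assumed Windows semantics: '/' and '\\' both separate components. */
static int is_sep(char c) { return c == '/' || c == '\\'; }

/* "C:" style prefix; also catches drive-relative forms such as "C:file". */
static int has_drive_prefix(const char *p)
{
    return isalpha((unsigned char)p[0]) && p[1] == ':';
}

/* ".", ".." and ".git" (any case) must never appear as a component. */
static int bad_component(const char *s, size_t n)
{
    if (n == 1) return s[0] == '.';
    if (n == 2) return s[0] == '.' && s[1] == '.';
    return n == 4 && s[0] == '.' &&
           tolower((unsigned char)s[1]) == 'g' &&
           tolower((unsigned char)s[2]) == 'i' &&
           tolower((unsigned char)s[3]) == 't';
}

/* Hypothetical helper: 1 if the path stays inside the work tree, else 0. */
int path_stays_in_worktree(const char *path)
{
    const char *p = path;
    if (!*p || has_drive_prefix(p) || is_sep(*p))
        return 0;                      /* empty, "C:...", "\..." or "/..." */
    while (*p) {
        size_t n = 0;
        while (p[n] && !is_sep(p[n]))
            n++;
        if (n == 0 || bad_component(p, n))
            return 0;                  /* empty component or traversal */
        p += n;
        if (*p && !*++p)
            return 0;                  /* trailing separator */
    }
    return 1;
}

int main(void)
{
    /* Constructed sample paths, not taken from the original report. */
    const char *samples[] = { "src/main.c", "C:\\Temp\\x", "\\Temp\\x", "a\\..\\x" };
    for (size_t i = 0; i < sizeof(samples) / sizeof(*samples); i++)
        printf("%-12s -> %d\n", samples[i], path_stays_in_worktree(samples[i]));
    return 0;
}
```

Running the check when an entry is added and again just before a file is written covers both halves of the series: "git add" refusing such paths, and checkout never writing to them.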