On Tue, Apr 29, 2008 at 08:45:42PM -0400, Morten Welinder wrote:
> > - system("git-update-ref $remote/$branch $cid") == 0
> > + system('git-update-ref', "$remote/$branch", $cid) == 0
>
> I hope there are no further such system calls left. This could run arbitrary
> commands if one was tricked into importing an evil repository.
Yes, even if that doesn't fix his problem, it should still be changed. I
have confirmed that it's the only such one in git-cvsimport.
-Peff
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
