Matthias Gerstner
Matthias Gerstner
I don't think that this is a security related topic. A file with a mode of 0 is pretty safe ... So I would say it is more regular quality...
Mitre assigned CVE-2023-43619 to track this issue.
> Shouldn't [CVE-2023-43619](https://github.com/advisories/GHSA-ppjh-xp5v-46wc) cover 9.6.6 as well? The GitHub advisory references the [NVD](https://nvd.nist.gov/vuln/detail/CVE-2023-43619) entry for this issue, where the statement is included that `versions through 9.6.5` are affected. At the...
> @mgerstner looking back at this issue, I don't think its applicable. > > > relative paths like ../.ssh/authorized_keys can be transferred > > this is actually not true. if...
> ah okay. I understand the bug now. seems like an easy fix. > > @mgerstner I invited you to be a code collaborator of croc so it should be...
> > you suggesting that I should fix it? > > yes, I invited you to be a maintainer so you can take responsibility for the issues you raised. >...
> Isn't that knowledge only available AFTER the intended receiver starts receiving the file? It is a race condition. The command line will be visible in the process list as...
Mitre assigned CVE-2023-43621 to track this issue.
Mitre assigned CVE-2023-43620 to track this issue.
Mitre assigned CVE-2023-43616 to track this issue.