)]}'
{
  "commit": "8b72ad09c874ddff122b3e67b3470c5e2eab7690",
  "tree": "5c1daacdf5a2d6dc5c219bb24790d55196ebf1b9",
  "parents": [
    "9dda3892d81c74ded0a7a255d34d47206725409d"
  ],
  "author": {
    "name": "Philip Withnall",
    "email": "pwithnall@gnome.org",
    "time": "Tue Apr 28 15:47:30 2026 +0100"
  },
  "committer": {
    "name": "Philip Withnall",
    "email": "pwithnall@gnome.org",
    "time": "Tue Apr 28 15:47:30 2026 +0100"
  },
  "message": "gdbusauthmechanismsha1: Validate cookie context\n\nWithout validation, the server could send a malicious context which\ncontains path traversal characters, allowing it to exfiltrate a SHA-1\nhashed copy of arbitrary data from the client’s file system.\n\nTo exploit this successfully would require the client to choose to\nconnect peer-to-peer to a malicious D-Bus server and to choose the SHA-1\nauthentication mechanism in preference to all the other mechanisms. This\nis vanishingly unlikely.\n\nSigned-off-by: Philip Withnall \u003cpwithnall@gnome.org\u003e\n\nFixes: #3931\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "c8aa08977c8bb92e776d60843411bb564edbf7ed",
      "old_mode": 33188,
      "old_path": "gio/gdbusauthmechanismsha1.c",
      "new_id": "7f348d862da30c1a873f2399d10350919090a778",
      "new_mode": 33188,
      "new_path": "gio/gdbusauthmechanismsha1.c"
    }
  ]
}