Edward Thomson


I'm a software developer who works on version control tools at Microsoft in Cambridge, Massachusetts. I work on the Git repository management functionality in Visual Studio and Team Foundation Server, as well as a number of open source projects like libgit2 and Infinity.NET.

Blog: Another libgit2 security update

January 20, 2015    7:41 PM

On the heels of CVE 2014-9390, we are announcing another round of security updates to libgit2. Similar to the prior vulnerability, an attacker can construct a git commit that, when checked out, may cause files to be written to your .git directory which may lead to arbitrary code execution.