'[ANNOUNCE] Git v2.14.1, v2.13.5, and others' - MARC


25 bookmarks. First posted by vielmetti august 2017.


RT : PSA: Update your version control system client NOW.

hg:

git:

svn:
from twitter
august 2017 by wolever
These contain a security fix for CVE-2017-1000117, and are released
in coordination with Subversion and Mercurial that share a similar
issue. CVE-2017-9800 and CVE-2017-1000116 are assigned to these
systems, respectively, for issues similar to it that are now
addressed in their part of this coordinated release.

Such a URL could be placed in the .gitmodules file of a malicious
project, and an unsuspecting victim could be tricked into running
"git clone --recurse-submodules" to trigger the vulnerability.

Credits to find and fix the issue go to Brian Neel at GitLab, Joern
Schneeweisz of Recurity Labs and Jeff King at GitHub.

* Similarly, when GIT_PROXY_COMMAND is configured, the command is
  run with host and port that are parsed out from "ssh://..." URL;
  a poorly written GIT_PROXY_COMMAND could be tricked into treating
  a string that begins with a dash "-" as an option.
august 2017 by sechilds
RT : PSA: Update your version control system client NOW.

hg:

git:

svn:
from twitter_favs
august 2017 by h10n
RT : PSA: Update your version control system client NOW.

hg:

git:

svn:
from twitter
august 2017 by DennisLaumen
RT : PSA: Update your version control system client NOW.

hg:

git:

svn:
from twitter
august 2017 by garrett
Git bug fix
git 
august 2017 by HighCharisma
This is an excellent find.
from twitter
august 2017 by tptacek
RT : PSA: Update your version control system client NOW.

hg:

git:

svn:
from twitter_favs
august 2017 by cnicolaou
Update your Git client now:
from twitter_favs
august 2017 by floehopper
RT : PSA: Update your version control system client NOW.

hg:

git:

svn:
from twitter
august 2017 by netweb
RT : PSA: Update your version control system client NOW.

hg:

git:

svn:
from twitter
august 2017 by Fallingbadgers
RT : PSA: Update your version control system client NOW.

hg:

git:

svn:
from twitter
august 2017 by etorreborre
RT : PSA: Update your version control system client NOW.

hg:

git:

svn:
from twitter
august 2017 by bryce
RT : PSA: Update your version control system client NOW.

hg:

git:

svn:
from twitter
august 2017 by bfritz
RT : PSA: Update your version control system client NOW.

hg:

git:

svn:
from twitter
august 2017 by mnem
Update Git. ssh:// url can be abused to run cmds

poc: git clone ssh://-oProxyCommand=touch%20foo/github.com
from twitter_favs
august 2017 by vfxGer
RT : PSA: Update your version control system client NOW.

hg:

git:

svn:
from twitter
august 2017 by rjw1
RT : PSA: Update your version control system client NOW.

hg:

git:

svn:
from twitter
august 2017 by chrispoole
RT : PSA: Update your version control system client NOW.

hg:

git:

svn:
from twitter
august 2017 by mendel
PSA: Update your version control system client NOW.

hg:

git:

svn:
from twitter_favs
august 2017 by vielmetti
