'[ANNOUNCE] Git v2.14.1, v2.13.5, and others' - MARC


24 bookmarks. First posted by vielmetti 10 weeks ago.


RT : PSA: Update your version control system client NOW.

hg:

git:

svn:
from twitter
9 weeks ago by wolever
These contain a security fix for CVE-2017-1000117, and are released
in coordination with Subversion and Mercurial that share a similar
issue. CVE-2017-9800 and CVE-2017-1000116 are assigned to these
systems, respectively, for issues similar to it that are now
addressed in their part of this coordinated release. Such a URL could be placed in the .gitmodules file of a malicious
project, and an unsuspecting victim could be tricked into running
"git clone --recurse-submodules" to trigger the vulnerability. Credits to find and fix the issue go to Brian Neel at GitLab, Joern
Schneeweisz of Recurity Labs and Jeff King at GitHub. * Similarly, when GIT_PROXY_COMMAND is configured, the command is
run with host and port that are parsed out from "ssh://..." URL;
a poorly written GIT_PROXY_COMMAND could be tricked into treating
a string that begins with a dash "-" as an option.
9 weeks ago by sechilds
RT : PSA: Update your version control system client NOW.

hg:

git:

svn:
from twitter_favs
9 weeks ago by h10n
RT : PSA: Update your version control system client NOW.

hg:

git:

svn:
from twitter
9 weeks ago by DennisLaumen
RT : PSA: Update your version control system client NOW.

hg:

git:

svn:
from twitter
10 weeks ago by garrett
Git bug fix
git 
10 weeks ago by HighCharisma
This is an excellent find.
from twitter
10 weeks ago by tptacek
RT : PSA: Update your version control system client NOW.

hg:

git:

svn:
from twitter_favs
10 weeks ago by cnicolaou
Update your Git client now:
from twitter_favs
10 weeks ago by floehopper
RT : PSA: Update your version control system client NOW.

hg:

git:

svn:
from twitter
10 weeks ago by netweb
RT : PSA: Update your version control system client NOW.

hg:

git:

svn:
from twitter
10 weeks ago by Fallingbadgers
RT : PSA: Update your version control system client NOW.

hg:

git:

svn:
from twitter
10 weeks ago by etorreborre
RT : PSA: Update your version control system client NOW.

hg:

git:

svn:
from twitter
10 weeks ago by bryce
RT : PSA: Update your version control system client NOW.

hg:

git:

svn:
from twitter
10 weeks ago by bfritz
RT : PSA: Update your version control system client NOW.

hg:

git:

svn:
from twitter
10 weeks ago by mnem
Update Git. ssh:// url can be abused to run cmds

poc: git clone ssh://-oProxyCommand=touch%20foo/github.com
from twitter_favs
10 weeks ago by vfxGer
RT : PSA: Update your version control system client NOW.

hg:

git:

svn:
from twitter
10 weeks ago by rjw1
RT : PSA: Update your version control system client NOW.

hg:

git:

svn:
from twitter
10 weeks ago by chrispoole
RT : PSA: Update your version control system client NOW.

hg:

git:

svn:
from twitter
10 weeks ago by mendel
PSA: Update your version control system client NOW.

hg:

git:

svn:
from twitter_favs
10 weeks ago by vielmetti