Critical Git Vulnerability
Phillip Susi
psusi at ubuntu.com
Tue Jan 6 15:59:12 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 12/21/2014 8:20 AM, Colin Law wrote:
> On 21 December 2014 at 00:45, Alex Oh <alexoh86 at gmail.com> wrote:
>> http://git-blame.blogspot.com.es/2014/12/git-1856-195-205-214-and-221-and.html
>>
>>
>>
There is a vulnerability with git pull. Would be great if the git package
>> can be updated to version 2.2.1.
>
> The link suggests it is only relevant on Win and OS X, or do I
> misinterpret it?
It is relevant on any case insensitive filesystem, whatever the OS.
In other words, you are vulnerable if you check out a git repo on a
fat or ntfs partition.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
iQEcBAEBAgAGBQJUrAZQAAoJENRVrw2cjl5RntQIAKAOOKNyiaWEueto8CnkeEmg
x39S91QwLcCJ5qkbCeXYjmAYJ9W3hIeSUrjAZ0thzLc3er64W2TTRNmDKd27aZ6h
aGHyJE4yiiI14L/W8k5Usi1R9zxwcB9aXKpLE4PkwjUHc2ZpXGxRWo+SM5FWRibl
hz3xFmu2jFwgofd5GBxRtpPS8lghGxvFDNAK+x68goffRCV2TkL1lVSg1taMICG4
Nz2lOoB3fp79FHbObGtjm/Fz41eiogoi5MZin8maB6bcw8bCBf69/cDiNSb644uY
ottGLhxOlOlUyg+SXqpm0V4kXy8g0ACMS3y9h5J94nj5uYdEycpeV9nxSN28gPY=
=+fqm
-----END PGP SIGNATURE-----
More information about the Ubuntu-devel-discuss
mailing list