[openstack-dev] Git client vulnerability

Louis Taylor kragniz at gmail.com
Fri Dec 19 13:34:06 UTC 2014


On Fri, Dec 19, 2014 at 01:19:48PM +0000, Jeremy Stanley wrote:
> Please re-read that advisory[1]. GitHub's _servers_ were not
> affected as this is a client-side vulnerability. What GitHub did was
> release fixed versions of their "GitHub for Windows" and "GitHub for
> Mac" _client_ tools.

Github's servers were patched such that is is now not possible to host a
malicious repository on github servers, and attempts to push one will be
rejected. This is mentioned in the advisory.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: Digital signature
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20141219/4fe00a94/attachment.pgp>


More information about the OpenStack-dev mailing list