[openstack-dev] Git client vulnerability

Jeremy Stanley fungi at yuggoth.org
Fri Dec 19 13:19:48 UTC 2014

On 2014-12-19 13:35:06 +0100 (+0100), Dr. Jens Rosenboom wrote:
> While github.com claim to have patched their servers, people using
> other repos may want to be extra cautious.

Please re-read that advisory[1]. GitHub's _servers_ were not
affected as this is a client-side vulnerability. What GitHub did was
release fixed versions of their "GitHub for Windows" and "GitHub for
Mac" _client_ tools.

That said, people using Git (and apparently Mercurial[2]?) clients
on non-case-sensitive filesystems (that's mainly Windows and Mac,
not typical Linux/BSD) are at risk if they haven't upgraded their
client applications accordingly.

[1] https://github.com/blog/1938-vulnerability-announced-update-your-git-clients
[2] http://www.openwall.com/lists/oss-security/2014/12/19/1

Jeremy Stanley

