On 2014-12-19 13:35:06 +0100 (+0100), Dr. Jens Rosenboom wrote: [...] > While github.com claim to have patched their servers, people using > other repos may want to be extra cautious. Please re-read that advisory[1]. GitHub's _servers_ were not affected as this is a client-side vulnerability. What GitHub did was release fixed versions of their "GitHub for Windows" and "GitHub for Mac" _client_ tools. That said, people using Git (and apparently Mercurial[2]?) clients on non-case-sensitive filesystems (that's mainly Windows and Mac, not typical Linux/BSD) are at risk if they haven't upgraded their client applications accordingly. [1] https://github.com/blog/1938-vulnerability-announced-update-your-git-clients [2] http://www.openwall.com/lists/oss-security/2014/12/19/1 -- Jeremy Stanley