[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Savannah-hackers-public] Git CVE-2017-8386 (auth bypass via git-shell)

From: Leo Famulari
Subject: [Savannah-hackers-public] Git CVE-2017-8386 (auth bypass via git-shell)
Date: Wed, 7 Jun 2017 16:39:59 -0400
User-agent: Mutt/1.8.3 (2017-05-23)

Dear Savannah,

CVE-2017-8386 [0] was recently fixed for Git. This bug allows remote users
to bypass authentication restrictions in git-shell and possibly have
other impacts.

This bug was fixed in upstream Git maintenance releases Git v2.4.12,
v2.5.6, v2.6.7, v2.7.5, v2.8.5, v2.9.4, v2.10.3, v2.11.2, and v2.12.3.
Apparently, 2.12.3 included some more unnamed security fixes:

Does Savannah use git-shell? Has anybody looked into this yet?

Fix commit:

Attachment: signature.asc
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]