[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Savannah-hackers-public] Git CVE-2017-8386 (auth bypass via git-she
Re: [Savannah-hackers-public] Git CVE-2017-8386 (auth bypass via git-shell)
Wed, 7 Jun 2017 21:54:54 +0000
On Wed, Jun 07, 2017 at 04:39:59PM -0400, Leo Famulari wrote:
CVE-2017-8386  was recently fixed for Git. This bug allows remote users
to bypass authentication restrictions in git-shell
Does Savannah use git-shell? Has anybody looked into this yet?
Thank you for alerting us to this issue.
Savannah does use 'git-shell',
but we're also using a standard GNU/Linux distribution,
and the fixed version was already in place as part
of the automatic daily security updates
(verified manually by Bob Proulx, just now).
Please do continue to send us such alerts if they seem relevant -
another look can never hurt.
If you (or others) discover a new vulnerability with savannah,
we encourage everyone to report it to us private at:
savannah-hackers-private (at) gnu (dot) org .
We will work with you quickly to resolve it,
and then of course make it public.