[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Savannah-hackers-public] Git CVE-2017-8386 (auth bypass via git-she
|
From: |
Assaf Gordon |
|
Subject: |
Re: [Savannah-hackers-public] Git CVE-2017-8386 (auth bypass via git-shell) |
|
Date: |
Wed, 7 Jun 2017 21:54:54 +0000 |
|
User-agent: |
Mutt/1.5.23 (2014-03-12) |
Hello
On Wed, Jun 07, 2017 at 04:39:59PM -0400, Leo Famulari wrote:
CVE-2017-8386 [0] was recently fixed for Git. This bug allows remote users
to bypass authentication restrictions in git-shell
[...]
Does Savannah use git-shell? Has anybody looked into this yet?
Thank you for alerting us to this issue.
Savannah does use 'git-shell',
but we're also using a standard GNU/Linux distribution,
and the fixed version was already in place as part
of the automatic daily security updates
(verified manually by Bob Proulx, just now).
Please do continue to send us such alerts if they seem relevant -
another look can never hurt.
If you (or others) discover a new vulnerability with savannah,
we encourage everyone to report it to us private at:
savannah-hackers-private (at) gnu (dot) org .
We will work with you quickly to resolve it,
and then of course make it public.
regards,
- assaf