[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Savannah-hackers-public] Git CVE-2017-8386 (auth bypass via git-she

From: Leo Famulari
Subject: Re: [Savannah-hackers-public] Git CVE-2017-8386 (auth bypass via git-shell)
Date: Wed, 7 Jun 2017 18:24:35 -0400
User-agent: Mutt/1.8.3 (2017-05-23)

On Wed, Jun 07, 2017 at 09:54:54PM +0000, Assaf Gordon wrote:
> Hello
> On Wed, Jun 07, 2017 at 04:39:59PM -0400, Leo Famulari wrote:
> > CVE-2017-8386 [0] was recently fixed for Git. This bug allows remote users
> > to bypass authentication restrictions in git-shell [...]
> > Does Savannah use git-shell? Has anybody looked into this yet?
> Thank you for alerting us to this issue.
> Savannah does use 'git-shell',
> but we're also using a standard GNU/Linux distribution,
> and the fixed version was already in place as part
> of the automatic daily security updates
> (verified manually by Bob Proulx, just now).

Awesome, thanks for double-checking.

> Please do continue to send us such alerts if they seem relevant -
> another look can never hurt.
> If you (or others) discover a new vulnerability with savannah,
> we encourage everyone to report it to us private at:
>   savannah-hackers-private (at) gnu (dot) org .
> We will work with you quickly to resolve it,
> and then of course make it public.

Okay, I'll do that in the future.

Attachment: signature.asc
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]