Dear Savannah,

CVE-2017-8386 [0] was recently fixed for Git. This bug allows remote users to bypass authentication restrictions in git-shell and possibly have other impacts.

This bug was fixed in upstream Git maintenance releases Git v2.4.12, v2.5.6, v2.6.7, v2.7.5, v2.8.5, v2.9.4, v2.10.3, v2.11.2, and v2.12.3.

Apparently, 2.12.3 included some more unnamed security fixes:

http://marc.info/?l=linux-kernel&m=149437481723960&w=2

Does Savannah use git-shell? Has anybody looked into this yet?

[0] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8386

Fix commit:
https://git.kernel.org/pub/scm/git/git.git/commit/?id=3ec804490a265f4c418a321428c12f3f18b7eff5
