On Wed, Jun 07, 2017 at 09:54:54PM +0000, Assaf Gordon wrote:
> Hello
> 
> On Wed, Jun 07, 2017 at 04:39:59PM -0400, Leo Famulari wrote:
> 
> > CVE-2017-8386 [0] was recently fixed for Git. This bug allows remote users
> > to bypass authentication restrictions in git-shell [...]
> > Does Savannah use git-shell? Has anybody looked into this yet?
> 
> Thank you for alerting us to this issue.
> 
> Savannah does use 'git-shell',
> but we're also using a standard GNU/Linux distribution,
> and the fixed version was already in place as part
> of the automatic daily security updates
> (verified manually by Bob Proulx, just now).

Awesome, thanks for double-checking.

> Please do continue to send us such alerts if they seem relevant -
> another look can never hurt.
> 
> If you (or others) discover a new vulnerability with Savannah,
> we encourage everyone to report it to us privately at:
>   savannah-hackers-private (at) gnu (dot) org .
> We will work with you quickly to resolve it,
> and then of course make it public.

Okay, I'll do that in the future.
