December 19, 2014
Git vulnerability announced! Upgrade your git client
Git just announced a new release (version 2.2.1) of the Git client that fixes a vulnerability affecting all Git users on Windows and Mac OS X. GitHub says this:
The vulnerability concerns Git and Git-compatible clients that access Git repositories in a case-insensitive or case-normalizing filesystem. An attacker can craft a malicious Git tree that will cause Git to overwrite its own .git/config file when cloning or checking out a repository, leading to arbitrary command execution in the client machine. Git clients running on OS X (HFS+) or any version of Microsoft Windows (NTFS, FAT) are exploitable through this vulnerability. Linux clients are not affected if they run in a case-sensitive filesystem.
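To make the case-folding problem concrete from the defender's side, here is an added example (not code from Git or GitHub) that scans a list of tree paths, such as the output of `git ls-tree -r --name-only -z <commit>`, for components that a case-insensitive filesystem would treat as `.git`. The function names and the sample paths are constructed for illustration, and the check models only case-insensitivity, not other filesystem-specific name normalization.

```python
# Added example: flag tree paths that a case-insensitive filesystem
# would resolve into the repository's own .git directory.
# Function names and sample data are hypothetical, not Git's own code.


def dotgit_components(path):
    """Return the components of `path` that equal ".git" when case is ignored."""
    return [part for part in path.split("/") if part.casefold() == ".git"]


def find_dotgit_aliases(paths):
    """Map each offending path to the components that alias .git."""
    findings = {}
    for path in paths:
        hits = dotgit_components(path)
        if hits:
            findings[path] = hits
    return findings


def parse_ls_tree_z(raw):
    """Split NUL-separated `git ls-tree -r --name-only -z` output into paths."""
    # surrogateescape keeps non-UTF-8 path bytes instead of raising.
    return [p.decode("utf-8", "surrogateescape") for p in raw.split(b"\0") if p]


# Constructed sample input: two entries alias .git by case, the rest are benign
# (".gitignore" and "dotgit" only resemble the name and must not be flagged).
SAMPLE = (
    b"README.md\0"
    b"src/main.c\0"
    b".GIT/config\0"
    b"vendor/.Git/config\0"
    b"dotgit/config\0"
    b".gitignore\0"
)

if __name__ == "__main__":
    for path, hits in find_dotgit_aliases(parse_ls_tree_z(SAMPLE)).items():
        print(f"suspicious path {path!r}: component {hits[0]!r} aliases .git")
```

A check like this is useful on servers or in CI that receive repositories from untrusted sources; it does not replace upgrading the client.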