http://bugzilla.opensuse.org/show_bug.cgi?id=910756 Bug ID: 910756 Summary: CVE-2014-9390: git: arbitrary command execution vulnerability on case-insensitive file systems Classification: openSUSE Product: openSUSE Distribution Version: 13.2 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: Andreas.Stieger@gmx.de QA Contact: qa-bugs@suse.de Found By: --- Blocker: ---
This is a security-fix for CVE-2014-9390, which affects users on Windows and Mac OS X but not typical UNIX users. A set of new releases for older maintenance tracks (v1.8.5.6, v1.9.5, v2.0.5, and v2.1.4) are published at the same time and they contain the same fix. Various implementations and ports, including Git for Windows, Git OS X installer, JGit & EGit, libgit2 (and Visual Studio which uses it) have been updated at the same time.
Even though the issue may not affect Linux users, if you are a hosting service whose users may fetch from your service to Windows or Mac OS X machines, you are strongly encouraged to update to protect such users who use existing versions of Git.
Not directly affected, but updates to 1.8.5.6, 1.9.5, 2.0.5, 2.1.4, 2.2.1 should be advised. -- You are receiving this mail because: You are on the CC list for the bug.