GitHub client exploited December 19, 2014, 06:58:36 pm https://github.com/blog/1938-git-client-vulnerability-announcedJust wanted to let you know since some of you might be using it. (Especially the devs).
Re: GitHub client exploited Reply #1 – December 19, 2014, 07:09:23 pm I found some references on twitter few minutes ago and I was trying to understand:http://git-blame.blogspot.com.es/2014/12/git-1856-195-205-214-and-221-and.htmlhttp://stackoverflow.com/questions/27557021/are-remote-git-clients-vulnerable-to-cve-2014-9390-if-only-trusted-users-have-ssIn a very short summary: on file systems case-insensitive the .git directory could be overwritten pulling code from a remote repository where a directory with the same name, but different case (e.g. .Git or .gIT, etc.) is added to the repo (I think), that would allow the attacker to do some nasty things.
Re: GitHub client exploited Reply #2 – December 19, 2014, 11:37:18 pm Just thought about telling all of you, in fact I don't even have an account on Git but you may have that client thing.