https://github.com/blog/1938-git-client-vulnerability-announced
Just wanted to let you know since some of you might be using it. (Especially the devs).
I found some references on twitter few minutes ago and I was trying to understand:
http://git-blame.blogspot.com.es/2014/12/git-1856-195-205-214-and-221-and.html
http://stackoverflow.com/questions/27557021/are-remote-git-clients-vulnerable-to-cve-2014-9390-if-only-trusted-users-have-ss
In a very short summary: on file systems case-insensitive the .git directory could be overwritten pulling code from a remote repository where a directory with the same name, but different case (e.g. .Git or .gIT, etc.) is added to the repo (I think), that would allow the attacker to do some nasty things.
Just thought about telling all of you, in fact I don't even have an account on Git but you may have that client thing.