Git Issues Batch Of New Releases To Fix Security Issues


  • Git Issues Batch Of New Releases To Fix Security Issues

    Phoronix: Git Issues Batch Of New Releases To Fix Security Issues

    Git 2.13.7, 2.14.4, 2.15.2, 2.16.4, and 2.17.1 were all released today in order to fix two new CVE security disclosures...

    http://www.phoronix.com/scan.php?pag...urity-CVE-2018

  • #2
    So people with commit access can compromise a company?

    Sounds mostly like a problem for github and few others.



    • #3
      It was a problem for GitHub et al. but they've already patched their stuff. For regular people, it's only a problem if you're in the habit of doing a recursive clone of an untrusted repo... And if you were just going to run ./configure; make; sudo make install without validating all the source... well that's an easier vector to run arbitrary code anyway.



      • #4
        Originally posted by brrrrttttt
        It was a problem for GitHub et al. but they've already patched their stuff. For regular people, it's only a problem if you're in the habit of doing a recursive clone of an untrusted repo... And if you were just going to run ./configure; make; sudo make install without validating all the source... well that's an easier vector to run arbitrary code anyway.
        I certainly sometimes clone a repo, read all the code in an example, and then build and run the example, so I certainly am putting myself at risk, but at least I'm only doing that with projects that are at least a certain size.



        • #5
          One of the security issues could have been fixed by Rust.



          • #6
            Originally posted by swoorup
            One of the security issues could have been fixed by Rust.
            Or by writing correct code. There are many ways to skin a cat, some involving more hand-holding than others.
