-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-12-18-1 Xcode 6.2 beta 3 Xcode 6.2 beta 3 is now available and addresses the following: Git Available for: OS X Mavericks v10.9.4 or later Impact: Synching with a malicious git repository may allow unexpected files to be added to the .git folder Description: The checks involved in disallowed paths did not account for case insensitivity or unicode characters. This issue was addressed by adding additional checks. CVE-ID CVE-2014-9390 : Matt Mackall of Mercurial and Augie Fackler of Mercurial Xcode 6.2 beta 3 may be obtained from: https://developer.apple.com/xcode/downloads/ To check that the Xcode has been updated: * Select Xcode in the menu bar * Select About Xcode * The version after applying this update will be "6.2 (6C101)". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJUk1PKAAoJEBcWfLTuOo7t268P/2z353ePUi8rj8332xbzgYsz Jc4kMXnGe1jM2Gx12RuT/v/QIIjfguCSzExXimQriFTIbnkFz8rYDPqSFI0fM2T9 8dbtpED3VnsvGQmAUVCfd9GvtqDvx6ZPW2AKih6ly7XtGtqBZLxssGbZFvXNU4X3 fDbmF0jm8nLQoAcpFvarERmhQQOeMDw2Grf3ynPpMxe2iznAkAR8Asves8sUFh36 ALdDyQtW2WhWSUhHN8o31VTD2DgV57VwJ2rL6F9UMHmOu7x5SBAATLaNRD1fQOrR aMmFypeUQR1/6CyTT8E9ReUy5iG4X+Sy52LPB7sovPTLIweaOW1Ru12XEbjhBzR6 ZNUMcujQEAWwzaHPBIzDKCcG74QY/JpZzrnwvgvgVZ+nrM2tDtSUbfHmGJGzLDNw xmE+fn1Ik1p1pSShOUO1/2uU9fM9x/P86Kyp07QG7sOZoJN6Wbn+CM/TGwpLBRRs 4Rj+NxlNph5IWzfLIJqCTu4v8hpM/jIMYjQG69BewXOisZVKw1FVHWIzbxHVIApH n+Kk4Wc2qhLaLLiPzMaDrwe4i5in8ImDhTUW0WH6Un7xuojvRFvTWLchc/Z7QJ6l +ExN2msjPf73iHY4c9E4eWNOeIyzrpyyHqrxswnlp844fpDHF9Qc8jVScywMtcc0 qOvKkbiVCkNdEtNdAq0d =Umq9 -----END PGP SIGNATURE-----
