Hi, I've found a security issue in the git-shell command, which allows authenticated attackers to read files, partially write files and in some configurations to execute shell commands in the context of the remote user. Should I report the details here or is there a security mailing list which I haven't found yet? Thanks, -- Timo Schmid ERNW GmbH, Carl-Bosch-Str. 4, 69115 Heidelberg - www.ernw.de Tel. +49 6221 48039-0 (HQ) - Fax +49 6221 419008 - Cell +49 151 16227192 PGP-FP F436 A5DE D817 E5A6 AFA0 A0A5 E04E 7BA1 EBDF B848 Handelsregister Mannheim: HRB 337135 Geschaeftsfuehrer: Enno Rey ============================================================== || Blog: www.insinuator.net | | Conference: www.troopers.de || ==============================================================
Attachment:
signature.asc
Description: OpenPGP digital signature