lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 18 Dec 2014 14:25:57 -0800
From: Apple Product Security <product-security-noreply@...ts.apple.com>
To: security-announce@...ts.apple.com
Cc: cve@...re.org, bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org
Subject: APPLE-SA-2014-12-18-1 Xcode 6.2 beta 3

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2014-12-18-1 Xcode 6.2 beta 3

Xcode 6.2 beta 3 is now available and addresses the following:

Git
Available for:  OS X Mavericks v10.9.4 or later
Impact:  Synching with a malicious git repository may allow
unexpected files to be added to the .git folder
Description:  The checks involved in disallowed paths did not account
for case insensitivity or unicode characters. This issue was
addressed by adding additional checks.
CVE-ID
CVE-2014-9390 : Matt Mackall of Mercurial and Augie Fackler of
Mercurial

Xcode 6.2 beta 3 may be obtained from:
https://developer.apple.com/xcode/downloads/

To check that the Xcode has been updated:

* Select Xcode in the menu bar
* Select About Xcode
* The version after applying this update will be "6.2 (6C101)".

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJUk1PKAAoJEBcWfLTuOo7t268P/2z353ePUi8rj8332xbzgYsz
Jc4kMXnGe1jM2Gx12RuT/v/QIIjfguCSzExXimQriFTIbnkFz8rYDPqSFI0fM2T9
8dbtpED3VnsvGQmAUVCfd9GvtqDvx6ZPW2AKih6ly7XtGtqBZLxssGbZFvXNU4X3
fDbmF0jm8nLQoAcpFvarERmhQQOeMDw2Grf3ynPpMxe2iznAkAR8Asves8sUFh36
ALdDyQtW2WhWSUhHN8o31VTD2DgV57VwJ2rL6F9UMHmOu7x5SBAATLaNRD1fQOrR
aMmFypeUQR1/6CyTT8E9ReUy5iG4X+Sy52LPB7sovPTLIweaOW1Ru12XEbjhBzR6
ZNUMcujQEAWwzaHPBIzDKCcG74QY/JpZzrnwvgvgVZ+nrM2tDtSUbfHmGJGzLDNw
xmE+fn1Ik1p1pSShOUO1/2uU9fM9x/P86Kyp07QG7sOZoJN6Wbn+CM/TGwpLBRRs
4Rj+NxlNph5IWzfLIJqCTu4v8hpM/jIMYjQG69BewXOisZVKw1FVHWIzbxHVIApH
n+Kk4Wc2qhLaLLiPzMaDrwe4i5in8ImDhTUW0WH6Un7xuojvRFvTWLchc/Z7QJ6l
+ExN2msjPf73iHY4c9E4eWNOeIyzrpyyHqrxswnlp844fpDHF9Qc8jVScywMtcc0
qOvKkbiVCkNdEtNdAq0d
=Umq9
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists