lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 18 Dec 2014 14:25:57 -0800 From: Apple Product Security <product-security-noreply@...ts.apple.com> To: security-announce@...ts.apple.com Cc: cve@...re.org, bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org Subject: APPLE-SA-2014-12-18-1 Xcode 6.2 beta 3 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-12-18-1 Xcode 6.2 beta 3 Xcode 6.2 beta 3 is now available and addresses the following: Git Available for: OS X Mavericks v10.9.4 or later Impact: Synching with a malicious git repository may allow unexpected files to be added to the .git folder Description: The checks involved in disallowed paths did not account for case insensitivity or unicode characters. This issue was addressed by adding additional checks. CVE-ID CVE-2014-9390 : Matt Mackall of Mercurial and Augie Fackler of Mercurial Xcode 6.2 beta 3 may be obtained from: https://developer.apple.com/xcode/downloads/ To check that the Xcode has been updated: * Select Xcode in the menu bar * Select About Xcode * The version after applying this update will be "6.2 (6C101)". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJUk1PKAAoJEBcWfLTuOo7t268P/2z353ePUi8rj8332xbzgYsz Jc4kMXnGe1jM2Gx12RuT/v/QIIjfguCSzExXimQriFTIbnkFz8rYDPqSFI0fM2T9 8dbtpED3VnsvGQmAUVCfd9GvtqDvx6ZPW2AKih6ly7XtGtqBZLxssGbZFvXNU4X3 fDbmF0jm8nLQoAcpFvarERmhQQOeMDw2Grf3ynPpMxe2iznAkAR8Asves8sUFh36 ALdDyQtW2WhWSUhHN8o31VTD2DgV57VwJ2rL6F9UMHmOu7x5SBAATLaNRD1fQOrR aMmFypeUQR1/6CyTT8E9ReUy5iG4X+Sy52LPB7sovPTLIweaOW1Ru12XEbjhBzR6 ZNUMcujQEAWwzaHPBIzDKCcG74QY/JpZzrnwvgvgVZ+nrM2tDtSUbfHmGJGzLDNw xmE+fn1Ik1p1pSShOUO1/2uU9fM9x/P86Kyp07QG7sOZoJN6Wbn+CM/TGwpLBRRs 4Rj+NxlNph5IWzfLIJqCTu4v8hpM/jIMYjQG69BewXOisZVKw1FVHWIzbxHVIApH n+Kk4Wc2qhLaLLiPzMaDrwe4i5in8ImDhTUW0WH6Un7xuojvRFvTWLchc/Z7QJ6l +ExN2msjPf73iHY4c9E4eWNOeIyzrpyyHqrxswnlp844fpDHF9Qc8jVScywMtcc0 qOvKkbiVCkNdEtNdAq0d =Umq9 -----END PGP SIGNATURE-----
Powered by blists - more mailing lists