On 2014-12-19 13:34:06 +0000 (+0000), Louis Taylor wrote:
> On Fri, Dec 19, 2014 at 01:19:48PM +0000, Jeremy Stanley wrote:
> > Please re-read that advisory[1]. GitHub's _servers_ were not
> > affected as this is a client-side vulnerability. What GitHub did was
> > release fixed versions of their "GitHub for Windows" and "GitHub for
> > Mac" _client_ tools.
>
> Github's servers were patched such that it is now not possible to host a
> malicious repository on github servers, and attempts to push one will be
> rejected. This is mentioned in the advisory.

Yes, thanks, I phrased that poorly. GitHub's servers were not
vulnerable, but you are correct that they have added some mitigation
within their service to help shield as-of-yet unpatched clients from
the announced vulnerability.
--
Jeremy Stanley