diff options
author | 2017-08-18 11:36:34 -0400 | |
---|---|---|
committer | 2017-08-18 11:36:34 -0400 | |
commit | 6b7bad9d7eefa17f4c3a0baa14fb2b89d6c2a319 (patch) | |
tree | d740a7684979bf893e2fad67704f2b4ca39fc1c9 /doc/news | |
parent | 66e7b62912d48d18f8d82535e8f3a51a22d7b566 (diff) |
add bug for security hole, with exploit details
Diffstat (limited to 'doc/news')
-rw-r--r-- | doc/news/version_6.20170818.mdwn | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/doc/news/version_6.20170818.mdwn b/doc/news/version_6.20170818.mdwn index 09cb8172a..97ad292ea 100644 --- a/doc/news/version_6.20170818.mdwn +++ b/doc/news/version_6.20170818.mdwn @@ -1,6 +1,9 @@ -**Note** this is a security fix release. While the security -hole needs perhaps some social engineering to exploit, a prompt upgrade is -strongly recommended. +**Note** this is a security fix release. A prompt upgrade is strongly +recommended. Attacks using this security hole will involve the attacker +either providing a ssh repository url to the user, or the user pulling from +a git-annex repository provided by an attacker and then running `git annex +enableremote`. For details about the security hole, see +[[bugs/dashed_ssh_hostname_security_hole]]. git-annex 6.20170818 released with [[!toggle text="these changes"]] [[!toggleable text=""" |