请尽快升级Git客户端版本至V2.2.1

修复CVE-2014-9390安全漏洞：更新Git客户端至v2.2.1

最新推荐文章于 2025-06-09 09:18:14 发布

原创最新推荐文章于 2025-06-09 09:18:14 发布 · 481 阅读

0 ·

CC 4.0 BY-SA版权

This is a security-fix for CVE-2014-9390, which affects users on
Windows and Mac OS X but not typical UNIX users. A set of new
releases for older maintenance tracks (v1.8.5.6, v1.9.5, v2.0.5, and
v2.1.4) are published at the same time and they contain the same fix.
Various implementations and ports, including Git for Windows, Git OS
X installer, JGit & EGit, libgit2 (and Visual Studio which uses it)
have been updated at the same time.

Even though the issue may not affect Linux users, if you are a
hosting service whose users may fetch from your service to Windows
or Mac OS X machines, you are strongly encouraged to update to
protect such users who use existing versions of Git.

此前所有版本的 Git 客户端在大小写不敏感的文件系统上存在安全漏洞，攻击者可以通过构造特殊 repo 内容覆盖 Git 的仓库级配置文件 .git/config。升级到 v2.2.1 等紧急维护版本可以解决。

详情参考: http://article.gmane.org/gmane.linux.kernel/1853266

Share a Cup of Open Source !

图片描述