I started reading the article whilst a couple of updates, one of them being for CVS were being installed. Maybe the article's already out of date.
Users of the world's most popular software version control systems can be attacked when cloning a repository over SSH. When first announced by Recurity Labs' Joern Schneeweisz, the vulnerability was attributed to Git, Mercurial and Subversion; and over the weekend, Hank Leininger of Korelogic told the OSS-Sec list the issue …
Biting the hand that feeds IT © 1998–2021