Xcode 6.2 is now available and addresses the following:
subversion
Available for: OS X Mavericks v10.9.4 or later
Impact: Multiple vulnerabilities in Apache Subversion
Description: Multiple vulnerabilities existed in Apache Subversion,
the most serious of which may have allowed an attacker with a
privileged position to spoof SSL servers via a crafted certificate.
These issues were addressed by updating Apache Subversion to version
1.7.19.
CVE-ID
CVE-2014-3522
CVE-2014-3528
CVE-2014-3580
CVE-2014-8108
Git
Available for: OS X Mavericks v10.9.4 or later
Impact: Synching with a malicious git repository may allow
unexpected files to be added to the .git folder
Description: The checks involved in disallowed paths did not account
for case insensitivity or unicode characters. This issue was
addressed by adding additional checks.
CVE-ID
CVE-2014-9390 : Matt Mackall of Mercurial and Augie Fackler of
Mercurial
Xcode 6.2 may be obtained from:
https://developer.apple.com/
To check that the Xcode has been updated:
* Select Xcode in the menu bar
* Select About Xcode
* The version after applying this update will be "6.2".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/
Komentarų nėra:
Rašyti komentarą