On 09/25/2014 08:41 PM, Nico Kadel-Garcia wrote: > Thinking about it, the git CentOS repository could possibly be > vulnerable, depending on just how the git credentials are managed > there I'd urge a check. no shell out happens at git.centos.org gitweb however, is exposed. As is anything that does a system() call. -- Karanbir Singh +44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh GnuPG Key : http://www.karan.org/publickey.asc