I'm a software developer who works on version control tools at Microsoft in Cambridge, Massachusetts. I work on the Git repository management functionality in Visual Studio and Team Foundation Server, as well as a number of open source projects like libgit2 and Infinity.NET.
On the heels of CVE-2014-9390, we are announcing another round of security updates to libgit2. Similar to the prior vulnerability, an attacker can construct a Git commit that, when checked out, may cause files to be written to your .git directory, which may lead to arbitrary code execution.