lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-Id: <E1aoDVL-00063q-2Y@master.debian.org> Date: Thu, 07 Apr 2016 17:14:03 +0000 From: Salvatore Bonaccorso <carnil@...ian.org> To: bugtraq@...urityfocus.com Subject: [SECURITY] [DSA 3545-1] cgit security update -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3545-1 security@...ian.org https://www.debian.org/security/ Salvatore Bonaccorso April 07, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : cgit CVE ID : CVE-2016-1899 CVE-2016-1900 CVE-2016-1901 Debian Bug : 812411 Several vulnerabilities were discovered in cgit, a fast web frontend for git repositories written in C. A remote attacker can take advantage of these flaws to perform cross-site scripting, header injection or denial of service attacks. For the stable distribution (jessie), these problems have been fixed in version 0.10.2.git2.0.1-3+deb8u1. For the testing distribution (stretch), these problems have been fixed in version 0.12.0.git2.7.0-1 or earlier. For the unstable distribution (sid), these problems have been fixed in version 0.12.0.git2.7.0-1 or earlier. We recommend that you upgrade your cgit packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@...ts.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJXBpF+AAoJEAVMuPMTQ89EHj8P/RDL/nR9KN49THDLminmCWtI eFAUH1sG8lkQfwN4/kklwmjY5HEHY/1U+VnFY6tXxAzeidiLquZo06aT//rrtJ23 moQtPs+DzQ9etgllIHmNu8QgUplQDAl3IJxzJJTuwMnpJZc2gl242OLEvVfNE9aS azOfZLSNGqmR1+oqWyoyUwbbIn8Zn0kAOyPUhl65GqmwTGrmkyKRJMij+sf1VRQs jc3n7Tx8gAhsw2Ab7z+i2+d5LRzVEMu/ClfZgG75IS8LlSwOsbxM2jkHlylcsOYw mxccx4RbNQl0B7t1VxOClutrKCA8piVCAFCuLmw8XxXPC8KdBJwvKAS+foeRF2qF B6xBGAWhwHr49VrhG3YwAm4NYPjSjroMa+Cr+vFfRsA16txI+KCqjWv0XWXD6r8i U6YoBMxm254A1MIFMb0mJdyFcBvSs25gUwPcpapzwQ8oIm2J/MBX3cGTAQL5d0Vw 1vdVeirsVK0tEFwhWwOz7+4QwQLafWPQ+8kEPKmYZ4MyorK0UfOLZFCROpqmrFJu BjYgNuBYH4pEoNNvxupsAKQ5FBMhm9+2HV+oHD/D2OmdYyoHnqxFucUmRTQxlInG ZFng74svXklyoN/DNkpPrKD3mNYszdpNRmn1ZwtXyQCRv+8IBJ2FO3QdjqhrXWAE eBABs6+5Ilb2s8hxRfTi =nvIl -----END PGP SIGNATURE-----
Powered by blists - more mailing lists