Message-Id: <E1PTET3-0002qN-B2@titan.mandriva.com>
Date: Thu, 16 Dec 2010 15:06:01 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:256 ] git
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:256
http://www.mandriva.com/security/
_______________________________________________________________________
Package : git
Date : December 16, 2010
Affected: 2010.0, 2010.1
_______________________________________________________________________
Problem Description:
A vulnerability was discovered and corrected in git (gitweb):
A cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and
previous versions allows remote attackers to inject arbitrary web
script or HTML code via f and fp variables (CVE-2010-3906).
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3906
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2010.0:
Mandriva Linux 2010.0/X86_64:
Mandriva Linux 2010.1:
Mandriva Linux 2010.1/X86_64:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFNCfA6mqjQ0CJFipgRAvxBAJ4iyT8rF6LbDh3GCg7VylsZDJ3z/QCfQzUw
o2PiVM7Yh0revxCGtWskmho=
=A0ET
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
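
Added example, not part of the Mandriva advisory or of gitweb: a log review helper that flags gitweb requests whose f or fp parameter decodes to HTML markup characters, useful for checking access logs on hosts that ran an unpatched gitweb. It assumes combined-format access logs; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Request line inside a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters needed to break out of HTML text or an attribute value.
MARKUP_RE = re.compile(r'[<>"]')
WATCHED = {"f", "fp"}  # the two parameters named in CVE-2010-3906


def decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input is also seen."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def gitweb_params(target):
    """Yield (name, decoded value) pairs; gitweb accepts ';' and '&'."""
    _, _, query = target.partition("?")
    for pair in re.split(r"[;&]", query):
        name, sep, value = pair.partition("=")
        if sep:
            yield decode(name), decode(value)


def suspicious_requests(log_lines):
    """Return (line number, parameter, decoded value) for flagged requests."""
    hits = []
    for lineno, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        for name, value in gitweb_params(match.group(1)):
            if name in WATCHED and MARKUP_RE.search(value):
                hits.append((lineno, name, value))
    return hits


# Constructed sample lines (documentation addresses, hypothetical repository).
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Dec/2010:15:00:01 +0100] "GET /gitweb.cgi?p=demo.git;a=blob;f=README;hb=HEAD HTTP/1.1" 200 5120',
    '192.0.2.11 - - [16/Dec/2010:15:00:07 +0100] "GET /gitweb.cgi?p=demo.git;a=blobdiff;f=%3Cb%3Ex%3C%2Fb%3E;fp=Makefile HTTP/1.1" 200 4096',
    '192.0.2.12 - - [16/Dec/2010:15:00:09 +0100] "GET /gitweb.cgi?p=demo.git&a=blobdiff&f=Makefile&fp=%2522%253Ex HTTP/1.1" 200 4096',
]
```

A hit only means the request carried markup in one of the two parameters; whether it was reflected depends on the gitweb version serving it at the time.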