Message-Id: <E1PTET3-0002qN-B2@titan.mandriva.com>
Date: Thu, 16 Dec 2010 15:06:01 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:256 ] git

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:256
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : git
 Date    : December 16, 2010
 Affected: 2010.0, 2010.1
 _______________________________________________________________________

 Problem Description:

 A vulnerability was discovered and corrected in git (gitweb):
 
 A cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and
 previous versions allows remote attackers to inject arbitrary web
 script or HTML code via the f and fp variables (CVE-2010-3906).
 
 The updated packages have been patched to correct this issue.
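
An added detection example (not part of the Mandriva advisory and not gitweb code): it scans web-server access-log lines for gitweb requests whose f or fp value decodes to HTML markup characters. The combined log format, the constructed sample lines and all function names are assumptions made for this example.

```python
import re
from urllib.parse import unquote, unquote_plus

WATCHED = {"f", "fp"}            # the two variables named in the advisory
MARKUP = re.compile(r"[<>\"']")  # can open a tag or break out of an attribute
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')  # combined-format request field

def gitweb_params(target):
    """Decode a request target's query, splitting on '&' and ';' (gitweb links use ';')."""
    query = target.partition("?")[2]
    params = []
    for pair in re.split(r"[&;]", query):
        name, _, value = pair.partition("=")
        if name:
            params.append((unquote_plus(name), unquote_plus(value)))
    return params

def flag_line(line):
    """Return (name, decoded value) for each f/fp parameter that carries markup."""
    match = REQUEST.search(line)
    if not match:
        return []
    hits = []
    for name, value in gitweb_params(match.group(1)):
        value = unquote(value)   # second pass catches double-encoded input (%253C)
        if name in WATCHED and MARKUP.search(value):
            hits.append((name, value))
    return hits

def scan(lines):
    """Map 1-based line numbers to their hits; clean lines are omitted."""
    report = {}
    for number, line in enumerate(lines, 1):
        hits = flag_line(line)
        if hits:
            report[number] = hits
    return report

SAMPLE_LOG = [  # constructed lines for illustration, not real traffic
    '192.0.2.10 - - [16/Dec/2010:15:06:01 +0100] "GET /gitweb.cgi?p=proj.git;a=blob;f=README HTTP/1.1" 200 5120',
    '192.0.2.11 - - [16/Dec/2010:15:07:12 +0100] "GET /gitweb.cgi?p=proj.git;a=blobdiff;f=a.c;fp=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 812',
    '192.0.2.12 - - [16/Dec/2010:15:08:40 +0100] "GET /gitweb.cgi?p=proj.git&a=blob&f=%2522%253E HTTP/1.1" 200 640',
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG).items():
        print(number, hits)
```

Hits are triage leads rather than proof of an attack: a legitimate file name can contain an apostrophe, so review flagged requests against the repository contents.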
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3906
 _______________________________________________________________________

 Updated Packages:

 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFNCfA6mqjQ0CJFipgRAvxBAJ4iyT8rF6LbDh3GCg7VylsZDJ3z/QCfQzUw
o2PiVM7Yh0revxCGtWskmho=
=A0ET
-----END PGP SIGNATURE-----
