1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 3545-1] cgit security update

    From Salvatore Bonaccorso@1:229/2 to All on Thu Apr 7 19:20:02 2016
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-3545-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso
    April 07, 2016 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : cgit
    CVE ID : CVE-2016-1899 CVE-2016-1900 CVE-2016-1901
    Debian Bug : 812411

    Several vulnerabilities were discovered in cgit, a fast web frontend for
    git repositories written in C. A remote attacker can take advantage of
    these flaws to perform cross-site scripting, header injection or denial
    of service attacks.

    For the stable distribution (jessie), these problems have been fixed in
    version 0.10.2.git2.0.1-3+deb8u1.

    For the testing distribution (stretch), these problems have been fixed
    in version 0.12.0.git2.7.0-1 or earlier.

    For the unstable distribution (sid), these problems have been fixed in
    version 0.12.0.git2.7.0-1 or earlier.

    We recommend that you upgrade your cgit packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1

    iQIcBAEBCgAGBQJXBpF+AAoJEAVMuPMTQ89EHj8P/RDL/nR9KN49THDLminmCWtI eFAUH1sG8lkQfwN4/kklwmjY5HEHY/1U+VnFY6tXxAzeidiLquZo06aT//rrtJ23 moQtPs+DzQ9etgllIHmNu8QgUplQDAl3IJxzJJTuwMnpJZc2gl242OLEvVfNE9aS azOfZLSNGqmR1+oqWyoyUwbbIn8Zn0kAOyPUhl65GqmwTGrmkyKRJMij+sf1VRQs jc3n7Tx8gAhsw2Ab7z+i2+d5LRzVEMu/ClfZgG75IS8LlSwOsbxM2jkHlylcsOYw mxccx4RbNQl0B7t1VxOClutrKCA8piVCAFCuLmw8XxXPC8KdBJwvKAS+foeRF2qF B6xBGAWhwHr49VrhG3YwAm4NYPjSjroMa+Cr+vFfRsA16txI+KCqjWv0XWXD6r8i U6YoBMxm254A1MIFMb0mJdyFcBvSs25gUwPcpapzwQ8oIm2J/MBX3cGTAQL5d0Vw 1vdVeirsVK0tEFwhWwOz7+4QwQLafWPQ+8kEPKmYZ4MyorK0UfOLZFCROpqmrFJu BjYgNuBYH4pEoNNvxupsAKQ5FBMhm9+2HV+oHD/D2OmdYyoHnqxFucUmRTQxlInG ZFng74svXklyoN/DNkpPrKD3mNYszdpNRmn1ZwtXyQCRv+8IBJ2FO3QdjqhrXWAE eBABs6+5Ilb2s8hxRfTi
    =nvIl
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)