[ubuntu/bionic-updates] cgit 1.1+git2.10.2-3ubuntu0.1 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Thu Aug 16 18:58:04 UTC 2018


cgit (1.1+git2.10.2-3ubuntu0.1) bionic-security; urgency=high

  * SECURITY UPDATE: Directory traversal vulnerability.
    - d/p/clone-fix-directory-traversal.patch:
      This fixes a directory traversal vulnerability in CGit
      before 1.2.1 when `enable-http-clone=1` is not turned off,
      as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request.
    - CVE-2018-14912 (LP: #1787021)

Date: 2018-08-15 23:49:12.707986+00:00
Changed-By: Unit 193 <unit193 at gmail.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/cgit/1.1+git2.10.2-3ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.


More information about the Bionic-changes mailing list