Description
Security update for cgit
This update of cgit to version 1.2.1 fixes the following issues:
The following security vulnerability was addressed:
- CVE-2018-14912: Fixed a directory traversal vulnerability that is present when enable-http-clone=1 is not turned off (boo#1103799)
The following other changes were made:
- Update to upstream release 1.2.1:
  - syntax-highlighting: replace invalid unicode with '?'
  - ui-repolist: properly sort by age
  - ui-patch: fix crash when using path limit
- Update bundled git to 2.11.1
- Update to upstream release 1.0:
  - Add repo.homepage/gitweb.homepage setting and homepage tab.
  - Show reverse paths in title bar so that browser tab shows filename.
  - Allow redirects even when caching is turned on.
  - More gracefully deal with unparsable commits.
Package list
openSUSE Leap 42.3
cgit-1.2.1-13.3.1
References
- E-Mail link for openSUSE-SU-2018:2313-1
- SUSE Security Ratings
Description
cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request.
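The request shape named in the description above can be searched for in web server access logs of hosts that ran cgit before 1.2.1. The following Python script is an added example, not code from cgit or from this advisory; it assumes combined-format access logs, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')

def fully_unquote(value, rounds=3):
    """Percent-decode repeatedly so double-encoded dots are also seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal_probe(target):
    """True if target is an objects request whose path parameter contains '..'."""
    parts = urlsplit(target)
    if not fully_unquote(parts.path).rstrip("/").endswith("/objects"):
        return False
    for value in parse_qs(parts.query, keep_blank_values=True).get("path", []):
        if ".." in fully_unquote(value):
            return True
    return False

def scan(lines):
    """Return (line_number, request_target) for every suspicious log line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if match and is_traversal_probe(match.group(1)):
            hits.append((number, match.group(1)))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Aug/2018:10:00:00 +0000] "GET /cgit/cgit.cgi/git/objects/?path=info/packs HTTP/1.1" 200 54',
    '192.0.2.77 - - [01/Aug/2018:10:00:05 +0000] "GET /cgit/cgit.cgi/git/objects/?path=../ HTTP/1.1" 404 0',
    '192.0.2.77 - - [01/Aug/2018:10:00:06 +0000] "GET /cgit/cgit.cgi/git/objects/?path=%252e%252e%2f HTTP/1.1" 404 0',
    '192.0.2.10 - - [01/Aug/2018:10:00:09 +0000] "GET /cgit/cgit.cgi/git/tree/?path=../README HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, target in scan(SAMPLE_LOG):
        print(f"line {number}: {target}")
```

A hit shows only that the request was made; whether it succeeded depends on the cgit version and the enable-http-clone setting at the time.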
Affected products
openSUSE Leap 42.3:cgit-1.2.1-13.3.1
References
- CVE-2018-14912
- SUSE Bug 1103799