oss-sec mailing list archives
Re: CVE Request: gitolite path traversal vulnerability
From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 09 Oct 2012 22:48:55 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/09/2012 09:45 PM, Eitan Adler wrote:
Announcement: https://groups.google.com/forum/#!topic/gitolite/K9SnQNhCQ-0/discussion Code change: https://github.com/sitaramc/gitolite/commit/f636ce3ba3e340569b26d1e47b9d9b62dd8a3bf2
Please
use CVE-2012-4506 for this issue.
Hope I did this right ;)
Yup, only thing better would have been to mention the previous gitolite CVE (from April 2011) which is different than this (similar but different =). - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iQIcBAEBAgAGBQJQdP40AAoJEBYNRVNeJnmTiKMQAJD4nyKyxX47GWVbrpmv9yRh GubQfh4hSPgwCGsWtpw2omON14YHWEWOASdYNSsFs7RXfRVJSsESC0ZSsQVC7y0l /JJUIS3Ilv6ih8dcKnyP48/Zpu/gDPOXHoMw7g6Bc5TiXB5NWj8uQCfdMptXB2Fd eUk3WfFEBbubZGlmT31589O4pzIFvz5dtrlOnb30HASeHuOCNZdbYN7Ok7/XKIvM zgivnqkDbVYDMNhF3qpdQuNau443V7b8FlcjyoYvEqne688RY8U05NEy3/i1fHUI 1W7qxlgEbtcRPBPkEE9XkQMvAuNBeuMRfAiqLbGr7Q360LRcxnvGUd+OtRogJzuA 3DLNMuETvgwTWO7KPwPu4y1CCGyK8VUeuQMmtbNZx1S5rBeIhr/QwqPKEplm+Uka SSHmdo09YtdV/JIRRM7xsLfSUXIFER8LWchZaGAWg3rvwRtxYTZC0seU+MzSJ58q +2KVBJpuV3C1DVPlLpjbql8N1emQ5G52cKAI4Fj9Hzdjz/qcUdPVQmN6BnDJ46sY jDetuTK5J1M6OiqaNsCDnMMF0gBoN4KQgyNGGbMGedBi2fGqBVgyABE0DVHuX86C gWFO0eaHXwavV9uGWkMx+w89JIHuns8VkgtC3BRJmbXM0Pqy9Gz+CJJVyD/kcDxB uCf/vwE0iCqyVJU70EJp =nzck -----END PGP SIGNATURE-----
Current thread:
- CVE Request: gitolite path traversal vulnerability Eitan Adler (Oct 09)
- Re: CVE Request: gitolite path traversal vulnerability Kurt Seifried (Oct 09)