oss-sec mailing list archives

Re: CVE Request: gitolite path traversal vulnerability


From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 09 Oct 2012 22:48:55 -0600

On 10/09/2012 09:45 PM, Eitan Adler wrote:
> Announcement:
> https://groups.google.com/forum/#!topic/gitolite/K9SnQNhCQ-0/discussion
>
> Code change:
> https://github.com/sitaramc/gitolite/commit/f636ce3ba3e340569b26d1e47b9d9b62dd8a3bf2

Please use CVE-2012-4506 for this issue.

> Hope I did this right ;)

Yup, only thing better would have been to mention the previous
gitolite CVE (from April 2011) which is different than this (similar
but different =).

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
